Security fixes:
=================
- Remove import-time loading of timezone offset data from pickle to prevent
unsafe deserialization from packaged data
- Replace eval() use when parsing no_word_spacing with strict boolean
parsing to prevent code execution from locale metadata (#1056)
New features:
=============
- Add support for expressions like "N {interval} from now" in English (#1271)
- Add support for the en-US locale (#1222)
Fixes:
========
- Honor REQUIRE_PARTS for ambiguous month-number inputs by retrying with a
year-biased DATE_ORDER (#1298)
- Fix parsing word-number relative phrases such as "two days later" (#1316)
- Allow md5hash to work in FIPS environments (#1267)
Improvements:
=============
- Add Bosnian Cyrillic (ijekavica) date translations (#1293)
- Add a new browser-based demo to the project documentation (#1306)
- Update installation documentation to replace setup.py install guidance
- Add a project security policy
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
Fixed AttributeError in start_notify() and stop_notify() on Android.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Dropped support for Python 3.9
- Added a ttl parameter to the anyio.functools.lru_cache wrapper
- Widened the type annotations of file I/O streams to accept IO[bytes] instead
of just BinaryIO
- Fixed anyio.Path not being compatible with Python 3.15 due to the removal of
pathlib.Path.is_reserved() and the addition of pathlib.Path.__vfspath__()
- Fixed the BrokenResourceError raised by the asyncio SocketStream not having
the original exception as its cause
- Fixed the TypeError raised when using "func" as a parameter name in
pytest.mark.parametrize when using the pytest plugin
- Fixed the pytest plugin not running tests that had the anyio marker added
programmatically via pytest_collection_modifyitems
- Fixed cancellation exceptions leaking from a CancelScope on asyncio when they
are contained in an exception group alongside non-cancellation exceptions
- Fixed Condition.wait() not passing on a notification when the task is
cancelled but already received a notification
- Fixed inverted condition in the process pool shutdown phase which would cause
still-running pooled processes not to be terminated
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes:
* Support Python 3.14
* Fix bug in Levenshtein distance when substitution_cost > 2
* Fix bug in Treebank detokeniser re quote ordering
* Fix bug in Jaro similarity for empty strings
* Several security enhancements
* Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
* Implement TextTiling vocabulary introduction method (Hearst 1997)
* Fix ALINE feature matrix errors and add comprehensive tests
* Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
* Let downloader fallback to md5 when sha256 is unavailable
* Several other minor bugfixes and code cleanups
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This CVE is disputed, and it is now tracked with an old version
of the application, it doesn't show up in the CVE report anymore.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `RDEPENDS:class-target +=` wouldn't result in any
unwanted override, there is no guarantee there won't be a change, which
would be hidden by this override. To avoid any surprises in the future
let's use `:append:class-target =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This dependency was replaced with the standard compression.zstd module
in 1.1.0[1].
[1] ccf0def15e
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies
- Escape brackets and backslash in httptools HEADER_RE regex
- Fix multiple issues in websockets sans-io implementation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==============
- 'GenericPlainRegistry.parse_expression' now correctly returns a dimensionless
Quantity when taking a float, int, or NaN
- Replace MIP with scipy in 'Quantity.to_preferred'
- New unit formatting modifier added ('^') to format unit with negative
exponents
- Add atomic unit of electric field gradient
('atomic_unit_of_electric_field_gradient', 'a_u_efg')
- Defer expensive loading of dask.array
- Add support for numpy's 'vdot', 'inner', 'outer', 'linalg.outer', 'matvec',
'vecmat', 'tensordot', and 'linalg.tensordot'
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
- Fix test_hexadecimal_with_libc_bulk()
- Keep available deprecated aliases for mpc/mpf_log()
- Use version_file option of setuptools-scm to keep version info
- Add workaround for test on s390x
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: Copyright year updated to 2026
Changelog:
==========
- add support for CMakeLists
- implement more move constructor in the C++ code
- add C++ tests
- add support for GraalPy
- add RiscV support
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- Fix: issue 2138 describes a memory leak that happened when repeatedly using
the Coverage API with in-memory data. This is now fixed.
- Fix: the markdown-formatted coverage report didn't fully escape special
characters in file paths (issue 2141). This would be very unlikely to cause a
problem, but now it's done properly
- Fix: the C extension wouldn't build on VS2019, but now it does
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
=========
- Added the max_depth decoder parameter to limit the maximum allowed nesting
level of containers, with a default value of 400 levels (CVE-2026-26209)
- Changed the default read_size from 4096 to 1 for backwards compatibility. The
buffered reads introduced in 5.8.0 could cause issues when code needs to
access the stream position after decoding. Users can opt-in to faster decoding
by passing read_size=4096 when they don't need to access the stream directly
after decoding. Added a direct read path for read_size=1 to avoid buffer
management overhead.
- Fixed C encoder not respecting string referencing when encoding string-type
datetimes (tag 0)
- Fixed a missed check for an exception in the C implementation of
CBOREncoder.encode_shared()
- Fixed two reference/memory leaks in the C extension's long string decoder
- Fixed C decoder ignoring the str_errors setting when decoding strings, and
improved string decoding performance by using stack allocation for small
strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster
deserialization.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
- Added adapter attribute to bleak.args.bluez.BlueZClientArgs and
bleak.args.bluez.BlueZScannerArgs.
- Added bluez keyword argument to BleakClient.
- Added new bleak.args.bluez.BlueZClientArgs class.
- Added bleak.exc.BleakGATTProtocolError and
bleak.exc.BleakGATTProtocolErrorCode classes.
- Added type hints and documentation for use_cached kwarg for read_gatt_char()
and read_gatt_descriptor() methods in BleakClient.
- Added support for "use_cached" kwarg to read_gatt_char() and
read_gatt_descriptor() methods in BlueZ backend.
- Deprecated adapter keyword argument in BleakScanner and BleakClient.
- Changed GATT read and write methods to raise BleakGATTProtocolError when a
GATT protocol error occurs.
- Changed start/stop scanning on CoreBluetooth so that the isScanning property
is not checked anymore.
- Changed BleakClient.write_gatt_descriptor() to raise ValueError when
attempting to write to the descriptor 0x2902 (Client Characteristic
Configuration Descriptor, CCCD). Use start_notify() and stop_notify() instead.
- Fixed occasional EOFError when disconnecting in BlueZ backend.
- Fixed a potential deadlock when turning off Bluetooth manually while starting
scanning on CoreBluetooth.
- Fixed reading descriptors 0x2900, 0x2902 and 0x2903 on CoreBluetooth backend.
- Fixed cyclic references problem in CoreBluetooth backend causing memory
leaks.
- Fixed typehint for BleakScanner.__aexit__().
- Removed undocumented/deprecated device keyword argument from
BleakScannerBlueZDBus and BleakClientBlueZDBus.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Support pagination with Pydantic
- Fix @app.output(Schema(many=True)) is not array type in OpenAPI doc
- Support upload file model
- Fix type checking for view function return types
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Ptests passed successfully:
Testsuite summary
TOTAL: 506
PASS: 506
SKIP: 0
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0
Changelog:
3.69:
Makefile: Drop coverage-report.log
Add Fedora 45 support
tests: Use pytest-cov to support coverage of parallel tests from pytest-xdist
workflows: Use latest released py3.14 and py3.12
test: Use pytest-xdist to run tests in parallel
tests: Use ThreadingHTTPServer and threads for load and include tests
tests: Mark helper classes as not tests
bootc: Add bootc command to the RHEL10 handler
rdp: Add rdp support to the RHEL10 handler
raid: Update RHEL10 handler to match rhel10-branch
Fix handling filesystem labels with spaces
3.68:
commands: bootc: remove 'experimental' warning
rhsm: Add Flatpak registry option for RHEL10
3.67:
drop python3-build dependency
Add Fedora 44 support
workflows: use py3.14rc1
tests: use pytest module instead of unittest
spec: Add python3-pytest to BuildRequires
3.66:
workflows: Use py3.14 beta.4
pylint: Ignore files in .git
pyproject: Bump setuptools to 77 or later
Makefile: Stop running setup.py directly
3.65:
workflows: Add python 3.14 to the test matrix
Add support for RDP
Deprecate VNC
docs: Fix chapter numbering after adding certificate
3.64:
workflow: Add python 3.13 testing
tests: Remove unused import of constants
realm: Clean up documentation
Add support for new bootc kickstart command
Update documentation for clearpart --initlabel option.
Update the %certificate section documentation
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This module depends on python3-six, otherwise it errors out:
>>> from txdbus.interface import DBusInterface, Method, Signal
Traceback (most recent call last):
File "<python-input-1>", line 1, in <module>
from txdbus.interface import DBusInterface, Method, Signal
File "/usr/lib/python3.14/site-packages/txdbus/interface.py", line 8, in <module>
import six
ModuleNotFoundError: No module named 'six'
Add the missing dependency.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
