Create SECURITY.md #131
Closed
Create SECURITY.md #131
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 29, 2024
Changes in 2.2.5
#117: Document that empty for Concurrently waits forever
#120: Add ConcurrentlyE.
#123: Fix failing concurrentlyE tests in older GHCs.
#124: Allow hashable 1.4
#126: Semigroup and Monoid instances for ConcurrentlyE
#120: Add ConcurrentlyE
#138: expose internals as Control.Concurrent.Async.Internal
#131: Fix typos in docs
#132: waitAny(Catch): clarify non-empty input list requirement
#142: Add cancelMany
#135, #145, #150: Support for GHC 9.4, 9.6, 9.8
Document that empty for Concurrently waits forever.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 30, 2024
v20.4.0
=======
Features
--------
- Replace deprecated ssl.wrap_socket with SSLContext.wrap_socket and update examples in connection.py docs. (#216)
v20.3.1
=======
No significant changes.
v20.3.0
=======
Features
--------
- Added support for SASL login. (#195)
Bugfixes
--------
- Better handling of escape sequences in message tags. (#205)
v20.2.0
=======
Features
--------
- Require Python 3.8 or later.
v20.1.1
=======
* #213: Pinned against jaraco.text 3.10 due to change in interface.
v20.1.0
=======
* #196: In irc.bot, avoid hanging idle when the first connection
attempt fails.
v20.0.0
=======
* ``SingleServerIRCBot`` no longer accepts ``reconnection_interval``
as a parameter.
* Added server support for NOTICE commands.
* Require Python 3.7 or later.
v19.0.1
=======
* #176: Fix issues with version number reporting. Restored version
version number reporting in bot and client.
v19.0.0
=======
* ``irc.client`` no longer exposes a ``VERSION`` or ``VERSION_STRING``.
To get the version, call ``importlib.metadata.version('irc')`` directly.
v18.0.0
=======
* Require Python 3.6 or later.
17.1
====
* Rely on
`importlib_metadata <https://pypi.org/project/importlib_metadata/>`_
for loading version from metadata. Removes implicit dependency on
setuptools and pkg_resources.
* #158: The AsyncIO server now accepts a connection factory to
enable features like SSL and IPv6 support.
* #155: ``SimpleIRCClient`` now has a ``dcc`` method for initiating
and associating a DCCConnection object with the client.
``DCCConnection.listen`` now accepts a ``address`` parameter.
Deprecated ``SimpleIRCClient.dcc_listen`` and
``SimpleIRCClient.dcc_connect`` in favor of the better separation
of concerns. Clients should replace::
client.dcc_connect(addr, port, type)
client.dcc_listen(type)
with::
client.dcc(type).connect(addr, port)
client.dcc(type).listen()
17.0
====
* Removed ``irc.buffer`` module, deprecated in 14.2.
* #153: Drop support for Python 3.3 and 2.7.
16.4
====
* Long Term Service release for Python 2.7.
* #149: ``AioConnection.connect`` moved to coroutine, added
disconnect handling for AsyncIO.
16.3
====
* #140: Methods now use 'connection' and 'event' for parameter names.
* #135 via #144: Added AsyncIO implementation.
16.2.1
======
* Package refresh and cleanup.
16.2
====
* #133: In ``irc.server``, add support for ISON.
16.1
====
* #131: Add ``Connection.encode`` and ``Connection.transmit_encoding``
to enable encodings other than UTF-8 to be used when transmitting
text.
16.0
====
* Removed deprecated ``execute_*`` methods on ``Connection``
and ``Reactor`` as introduced in 15.0.
* Fixed link in README.
15.1.1
======
* New ``send_items`` method takes star args for simplicity
in the syntax and usage.
15.1
====
* Introduce ``ServerConnection.send_items``, consolidating
common behavior across many methods previously calling
``send_raw``.
15.0.6
======
* Now publish `documentation <https://python-irc.readthedocs.io/>`_
to Read The Docs.
15.0.5
======
* #119: Handle broken pipe exception in IRCClient _send() (server.py).
15.0.4
======
* #116: Correct invocation of execute_every.
15.0.3
======
* #115: Fix AttributeError in ``execute_at`` in scheduling
support.
15.0.2
======
* #113: Use preferred scheduler in the bot implementation.
15.0.1
======
* Deprecated calls to Connection.execute_*
and Reactor.execute_*. Instead, call the
equivalently-named methods on the reactor's
scheduler.
15.0
====
* The event scheduling functionality has been decoupled
from the client.Reactor object. Now the reactor will
construct a Scheduler from the scheduler_class property,
which must be an instance of irc.schedule.IScheduler.
The ``_on_schedule`` parameter is no longer accepted
to the Reactor class. Implementations requiring a
signal during scheduling should hook into the ``add``
method of the relevant scheduler class.
* Moved the underlying scheduler implementation to
`tempora <https://pypi.org/project/tempora>`_, allowing
it to be re-used for other purposes.
14.2.2
======
* Issue #98: Add an ugly hack to force ``build_sphinx``
command to have the requisite libraries to build
module documentation.
14.2.1
======
* Issue #97: Restore ``irc.buffer`` module for
compatibility.
* Issue #95: Update docs to remove missing or
deprecated modules.
* Issue #96: Declare Gitter support as a badge in the
docs.
14.2
====
* Moved buffer module to `jaraco.stream
<https://pypi.python.org/pypi/jaraco.stream>`_ for
use in other packages.
14.1
====
* ``SingleServerIRCBot`` now accepts a ``recon``
parameter implementing a ReconnectStrategy. The new
default strategy is ExponentialBackoff, implementing an
exponential backoff with jitter.
The ``reconnection_interval`` parameter is now deprecated
but retained for compatibility. To customize the minimum
time before reconnect, create a custom ExponentialBackoff
instance or create another ReconnectStrategy object and
pass that as the ``recon`` parameter. The
``reconnection_interval`` parameter will be removed in
future versions.
* Issue #82: The ``ExponentialBackoff`` implementation
now protects from multiple scheduled reconnects, avoiding
the issue where reconnect attempts accumulate
exponentially when the bot is immediately disconnected
by the server.
14.0
====
* Dropped deprecated constructor
``connection.Factory.from_legacy_params``. Use the
natural constructor instead.
* Issue #83: ``connection.Factory`` no longer attempts
to bind before connect unless a bind address is specified.
13.3.1
======
* Now remove mode for owners, halfops, and admins when the user
is removed from a channel.
* Refactored the Channel class implementation for cleaner, less
repetitive code.
* Expanded tests coverage for Channel class.
13.3
====
* Issue #75: In ``irc.bot``, add support for tracking admin
status (mode 'a') in channels. Use ``channel.is_admin``
or ``channel.admins`` to identify admin users for a channel.
* Removed deprecated irc.logging module.
13.2
====
* Moved hosting to github.
13.1.1
======
* Issue #67: Fix infinite recursion for ``irc.strings.IRCFoldedCase``
and ``irc.strings.lower``.
13.1
====
* Issue #64: ISUPPORT PREFIX now retains the order of
permissions for each prefix.
13.0
====
* Updated ``schedule`` module to properly support timezone aware
times and use them by default. Clients that rely on the timezone
naïve datetimes may restore the old behavior by overriding the
``schedule.now`` and ``schedule.from_timestamp`` functions
like so:
schedule.from_timestamp = datetime.datetime.fromtimestamp
schedule.now = datetime.datetime.now
Clients that were previously patching
``schedule.DelayedCommand.now`` will need to instead patch
the aforementioned module-global methods. The
classmethod technique was a poor interface for effectively
controlling timezone awareness, so was likely unused. Please
file a ticket with the project for support with your client
as needed.
12.4.2
======
* Bump to jaraco.functools 1.5 to throttler failures in Python 2.
12.4
====
* Moved ``Throttler`` class to `jaraco.functools
<https://bitbucket.org/jaraco/jaraco.functools>`_ 1.4.
12.3
====
* Pull Request #33: Fix apparent escaping issue with IRCv3 tags.
12.2
====
* Pull Request #32: Add numeric for WHOX reply.
* Issue #62 and Pull Request #34: Add support for tags in message
processing and ``Event`` class.
12.1.2
======
* Issue #59: Fixed broken references to irc.client members.
* Issue #60: Fix broken initialization of ``irc.server.IRCClient`` on
Python 2.
12.1.1
======
* Issue #57: Better handling of Python 3 in testbot.py script.
12.1
====
* Remove changelog from package metadata.
12.0
====
* Remove dependency on jaraco.util. Instead depend on surgical packages.
* Deprecated ``irc.logging`` in favor of ``jaraco.logging``.
* Dropped support for Python 3.2.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 1, 2024
0.4.3.5
#131 Add At and Ixed instance for HashSet.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 6, 2024
2024-05-05 -- 0.9.8 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Fixed: [CVE-2024-34402] Protect against integer overflow in ComposeQueryEngine (GitHub #183, GitHub #185) * Fixed: [CVE-2024-34403] Protect against integer overflow in ComposeQueryMallocExMm (GitHub #183, GitHub #186) >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Changed: Require CMake >=3.5.0 (GitHub #172) * Added: CMake option URIPARSER_SHARED_LIBS=(ON|OFF) to control, whether to produce a shared or static library for uriparser and that alone, falls back to standard BUILD_SHARED_LIBS if available, else defaults to "ON" (GitHub #169, GitHub #170) * Improved: Document that scheme-based normalization a la section 6.2.3 of RFC 3986 is a responsibility of the application using uriparser (GitHub #173, GitHub #174) * Improved: Document supported code points for functions uriEscape(Ex)W (GitHub #171, GitHub #175) * Infrastructure: Update Clang from 15 to 18 (GitHub #161, GitHub #187) * Infrastructure: Adapt to breaking changes in Clang packaging (GitHub #160) * Infrastructure: Get sanitizer CFLAGS and LDFLAGS back in sync (GitHub #161) * Infrastructure: Pin GitHub Actions to specific commits for security (GitHub #165) * Soname: 1:31:0 — see https://verbump.de/ for what these numbers do 2022-10-05 -- 0.9.7 * Fixed: Multiple issues with IPv6 and IPvFuture literal parsing (GitHub #146, GitHub #150) Thanks to Scallop Ye for the report and the pull request! * Fixed: Fix symbol visibility for -DBUILD_SHARED_LIBS=OFF (GitHub #139, GitHub #141); thanks to Mariusz Zaborski for the report! * Fixed: For MinGW, use size_t for inet_ntop declaration and fix macro checks for both MinGW and mingw-w64 (GitHub #131) * Fixed: Compiler warnings (GitHub #132, GitHub #152) * Improved: Use name UriConfig.h rather than generic config.h for the config header file to avoid name clashes and also include it through "UriConfig.h" with quotes rather than <UriConfig.h> so that it is found in quote path locations (GitHub #149) Thanks to Gaspard Petit for bringing this up! * Improved: Document need for UriConfig.h in UriMemory.c (GitHub #136) * Infrastructure: Add (support for) Visual Studio 17/2022 (GitHub #152) * Infrastructure: Drop (support for) Visual Studio <=14/2015 (GitHub #152) * Infrastructure: Update Clang from 13 to 15 (GitHub #143, GitHub #151) * Infrastructure: Make MinGW with 32bit Wine on Ubuntu 20.04 possible (GitHub #142, GitHub #144, GitHub #145) * Soname: 1:30:0 — see https://verbump.de/ for what these numbers do
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 9, 2024
This package hasn't been updated in a long time. The following list of changes was therefore curated to focus on features or recent bugfixes. Changes in 1.7.2: * Bug #899 Guided Remediation: Parse paths in npmrc auth fields correctly. * Bug #908 Fix rust call analysis by explicitly disabling stripping of debug info. * Bug #914 Fix regression for go call analysis introduced in 1.7.0. Changes in 1.7.0: * Feature #352 Guided Remediation Introducing our new experimental guided remediation feature on osv-scanner fix subcommand. * Feature #805 Include CVSS MaxSevirity in JSON output. Changes in 1.6.2: * Feature #694 OSV-Scanner now has subcommands! The base command has been moved to scan (currently the only commands is scan). By default if you do not pass in a command, scan will be used, so CLI remains backwards compatible. * Feature #776 Add pdm lockfile support. Changes in 1.6.0 and 1.6.1: * Feature #694 Add support for NuGet lock files version 2. * Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities. * Feature #702 Created an option to skip/disable upload to code scanning. * Feature #732 Add option to not fail on vulnerability being found for GitHub Actions. * Feature #729 Verify the spdx licenses passed in to the license allowlist. Changes in 1.5.0: * Feature #501 Add experimental license scanning support! * Feature #642 Support scanning renv files for the R language ecosystem. * Feature #513 Stabilize call analysis for Go * Feature #676 Simplify return codes: Return 0 if there are no findings or errors. Return 1 if there are any findings (license violations or vulnerabilities). Return 128 if no packages are found. * Feature #651 CVSS v4.0 support. * Feature #60 Pre-commit hook support. Changes in 1.4.3: * Feature #621 Add support for scanning vendored C/C++ files. * Feature #581 Scan submodules commit hashes. Changes in 1.4.1: * Feature #534 New SARIF format that separates out individual vulnerabilities * Experimental Feature #57 Experimental Github Action Changes in 1.4.0: * Feature #183 Add (experimental) offline mode * Feature #452 Add (experimental) rust call analysis, detect whether vulnerable functions are actually called in your Rust project * Feature #505 OSV-Scanner support custom lockfile formats Changes in 1.3.5: * Feature #409 Adds an additional column to the table output which shows the severity if available. Changes in 1.3.0: * Feature #198 GoVulnCheck integration! Try it out when scanning go code by adding the --experimental-call-analysis flag. * Feature #260 Support -r flag in requirements.txt files. * Feature #300 Make IgnoredVulns also ignore aliases. * Feature #304 OSV-Scanner now runs faster when there's multiple vulnerabilities. Changes in 1.2.0: * Feature #168 Support for scanning debian package status file, usually located in /var/lib/dpkg/status. Thanks @cmaritan * Feature #94 Specify what parser should be used in --lockfile. * Feature #158 Specify output format to use with the --format flag. * Feature #165 Respect .gitignore files by default when scanning. * Feature #156 Support markdown table output format. Thanks @deftdawg * Feature #59 Support conan.lock lockfiles and ecosystem Thanks @SSE4 * Updated documentation! Check it out here: https://google.github.io/osv-scanner/ Changes in 1.1.0: * Feature #98: Support for NuGet ecosystem. * Feature #71: Now supports Pipfile.lock scanning. * Bug #85: Even better support for narrow terminals by shortening osv.dev URLs. * Bug #105: Fix rare cases of too many open file handles. * Bug #131: Fix table highlighting overflow. * Bug #101: Now supports 32 bit systems. Tested on NetBSD/amd64.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jun 28, 2024
Changelog: ### GMime 3.2.15 * Fixed the g_mime_object_get_header API definition to note that it can return null * Fixed a memory leak in address_parse() (issue #159) * Added custom header folding logic for the Newsgroups: header (issue #162) * Fixed a configure issue regarding ac_cv_sys_file_offset_bits (issue #158) * Fixed an infinite loop in the Content-Type and Content-Disposition parameter serialization logic (issue #165) ### GMime 3.2.14 * Avoid clearing the header list of a GMimeMessage when adding addresses to an address header. (issue #129) * Added the internet_address_list_append_parse() prototype definition to internet-address.h. (issue #128) * Use gtk-doc ulink syntax in doc comments instead of `<a href=...>`. (issue #131) * Fixed rfc2047 token decoding logic for base64 encodings. (issue #133) * Properly handle GDateTime UTC offsets with non-zero seconds. (issue #134) * Improved introspection data for bindings such as Vala. * Improved address name quoting. * Added a GNotifyDestroy to the GMimeParserOptions callback. * Fixed the URL linkifier logic to properly handle links without a '/' before the query string. * Fixed the URL linkifier logic to handle domains that start with numbers. (issue #152) * Reverted base64 decoder optimizations from 3.2.10 and 3.2.11 to support chunked base64. (issue #150) ### GMime 3.2.13 * Optimized parsing of messages with lots of address headers. (issue #126) ### GMime 3.2.12 * Fixed a memory leak in g_mime_gpgme_get_decrypt_result(). * Updated vapigen.m4, introspection.m4, and gpgme.m4 to improve cross-platform builds. * Add and use ax_lib_socket_nsl.m4 so that systems that do not require linkage with libnsl are not forced to link with it unnecessesarily. * Changed the build system to no longer use dolt (which is obsolete). ### GMime 3.2.11 * Fixed a bug in the base64 decoder. D'oh! ### GMime 3.2.10 * Improved performance of base64 encoder by ~5%. * Improved performance of base64 decoder by ~25%. * Unref the autocrypt header after adding it to the list. (issue #118) * Work around a bug in g_time_zone_new_offset() by using identifiers instead. (issue #120) ### GMime 3.2.9 * g_mime_multipart_signed_verify() now allows type/subtype and type/x-subtype signature parts. (issue #115) * Fixed header folding logic to avoid folding the first line of a header value. (issue #112 and issue #113) * Fixed bugs discovered by static analysis. (issue #110) * Fixed GMimeStreamPipe to set errno to ESPIPE for seek/tell/length methods. * Fixed GMimeCertificates to prefer gpgme_user_id_t's address field over the email field. (issue #102) ### GMime 3.2.8 * Various fixes to Vala (and other?) language bindings. (issue #96 and issue #101) * Enabled build for PPC64LE architecture (issue #100) * Added g_mime_object_write_content_to_stream() (issue #97) * Fixed parameter list parsing logic to not report a warning when everything is valid. * Fixed the parser to handle MIME parts without headers -or- content of any kind.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jul 30, 2024
Upstream changes:
## 2024 05 11
- The option --valign-signed-numbers, or -vsn is now the default. It
was introduced in the previous release has been found to significantly
improve the overall appearance of columns of signed and unsigned
numbers. See the previous Change Log entry for an example.
This will change the formatting in scripts with columns
of vertically aligned signed and unsigned numbers.
Use -nvsn to turn this option off and avoid this change.
- Previously, a line break was made before a short concatenated terminal
quoted string, such as "\n", if the previous line had a greater
starting indentation. The break is now placed after the short quote.
This keeps code a little more compact. For example:
# old rule: break before "\n" here because '$name' has more indentation:
my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var",
$name, "remove", "UNCHECKED" )
. "\n";
# new rule: break after a short terminal quote like "\n" for compactness;
my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var",
$name, "remove", "UNCHECKED" ) . "\n";
- The option --delete-repeated-commas is now the default.
It makes the following checks and changes:
- Repeated commas like ',,' are removed with a warning
- Repeated fat commas like '=> =>' are removed with a warning
- The combination '=>,' produces a warning but is not changed
These warnings are only output if --warning-output, or -w, is set.
Use --nodelete-repeated-commas, or -ndrc, to retain repeated commas.
- The operator ``**=`` now has spaces on both sides by default. Previously,
there was no space on the left. This change makes its spacing the same
as all other assignment operators. The previous behavior can be obtained
with the parameter setting -nwls='**='.
- The option --file-size-order, or -fso is now the default. When
perltidy is given a list of multiple filenames to process, they
are sorted by size and processed in order of increasing size.
This can significantly reduce memory usage by Perl. This
option has always been used in testing, where typically several
jobs each operating on thousands of filenames are running at the
same time and competing for system resources. If this option
is not wanted for some reason, it can be deactivated with -nfso.
- In the option --dump-block-summary, the number of sub arguments indicated
for each sub now includes any leading object variable passed with
an arrow-operator call. Previously the count would have been decreased
by one in this case. This change is needed for compatibility with future
updates.
- Fix issue git #138 involving -xlp (--extended-line-up-parentheses).
When multiple-line quotes and regexes have long secondary lines, these
line lengths could influencing some spacing and indentation, but they
should not have since perltidy has no control over their indentation.
This has been fixed. This will mainly influence code which uses -xlp
and has long multi-line quotes.
- Add option --minimize-continuation-indentation, -mci (see git #137).
This flag allows perltidy to remove continuation indentation in some
special cases where it is not really unnecessary. For a simple example,
the default formatting for the following snippet is:
# perltidy -nmci
$self->blurt( "Error: No INPUT definition for type '$type', typekind '"
. $type->xstype
. "' found" );
The second and third lines are one level deep in a container, and
are also statement continuations, so they get indented by the sum
of the -i value and the -ci value. If this flag is set, the
indentation is reduced by -ci spaces, giving
# perltidy -mci
$self->blurt( "Error: No INPUT definition for type '$type', typekind '"
. $type->xstype
. "' found" );
This situation is relatively rare except in code which has long
quoted strings and the -nolq flag is also set. This flag is currently
off by default, but it could become the default in a future version.
- Add options --dump-mismatched-args (or -dma) and
--warn-mismatched-arg (or -wma). These options look
for and report instances where the number of args expected by a
sub appear to differ from the number passed to the sub. The -dump
version writes the results for a single file to standard output
and exits:
perltidy -dma somefile.pl >results.txt
The -warn version formats as normal but reports any issues as warnings in
the error file:
perltidy -wma somefile.pl
The -warn version may be customized with the following additional parameters
if necessary to avoid needless warnings:
--warn-mismatched-arg-types=s (or -wmat=s),
--warn-mismatched-arg-exclusion-list=s (or -wmaxl=s), and
--warn-mismatched-arg-undercount-cutoff=n (or -wmauc=n).
--warn-mismatched-arg-overcount-cutoff=n (or -wmaoc=n).
These are explained in the manual.
- Add option --valign-wide-equals, or -vwe, for issue git #135.
Setting this parameter causes the following assignment operators
= **= += *= &= <<= &&= -= /= |= >>= ||= //= .= %= ^= x=
to be aligned vertically with the ending = all aligned. For example,
here is the default formatting of a snippet of code:
$str .= SPACE x $total_pad_count;
$str_len += $total_pad_count;
$total_pad_count = 0;
$str .= $rfields->[$j];
$str_len += $rfield_lengths->[$j];
And here is the same code formatted with -vwe:
# perltidy -vwe
$str .= SPACE x $total_pad_count;
$str_len += $total_pad_count;
$total_pad_count = 0;
$str .= $rfields->[$j];
$str_len += $rfield_lengths->[$j];
This option currently is off by default to avoid changing existing
formatting.
- Added control --delete-interbracket-arrows, or -dia, to delete optional
hash ref and array ref arrows between brackets as in the following
expression (see git #131)
return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'};
# perltidy -dia gives:
return $self->{'commandline'}{'arg_list'}[0][0]{'hostgroups'};
Added the opposite control --aia-interbracket-arrows, or -aia, to
add arrows. So applied to the previous line the arrows are restored:
# perltidy -aia
return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'};
The manual describes additional controls for adding and deleting
just selected interbracket arrows.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Oct 21, 2024
1.8.2 (2024-09-24) What's Changed * Drop commented-out line by @olleolleolle in #108 * Add Ruby 3.1 & 3.2 to CI matrix by @tricknotes in #109 * Fix/redos by @ooooooo-q in #114 * Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @jeremyevans in #120 * Bump actions/checkout from 3 to 4 by @dependabot in #121 * Improve CI by @hsbt in #123 * Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @KJTsanaktsidis in #128 * Fix bug chunk extension detection by @jeremyevans in #125 * Fix CI. by @ioquatix in #131 * Merge multiple cookie headers, preserving semantic correctness. by @ioquatix in #130 * Test on macos-latest by @byroot in #132 * Require CRLF line endings in request line and headers by @jeremyevans in #138 * Prefer squigly heredocs. by @ioquatix in #143 * Only strip space and horizontal tab in headers by @jeremyevans in #141 * Treat missing CRLF separator after headers as an EOFError by @jeremyevans in #142 * Return 400 response for chunked requests with unexpected data after chunk by @jeremyevans in #136 * Fix reference to URI::REGEXP::PATTERN::HOST by @casperisfine in #144 * Prevent request smuggling by @jeremyevans in #146 New Contributors * @tricknotes made their first contribution in #109 * @ooooooo-q made their first contribution in #114 * @KJTsanaktsidis made their first contribution in #128 * @byroot made their first contribution in #132 * @casperisfine made their first contribution in #144
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 11, 2024
2.2 (2024-08-27) * WebUI: More correct filtering reports by disposition value * WebUI: add actual fail count to the report list (#96) * WebUI: implemented use of abbreviated form for numbers in the list of reports * WebUI: added a toolbar and column management to the report list. The default column set was changed * Implemented destroying user sessions if user_management is set to false * Added ignoring unknown tags in XML report files * Fixed undefined property usage in utils/reports_cleaner.php (#131) * Fixed an error occuring when adding a user without the level parameter via utils/users_admin.php * Improved error message when passing invalid time to Report dialog * Updated the "Utilities" section in README.md * Other minor changes and updates * Some code optimization and refactoring 2.2.1 (2024-08-28) * Fixed an error "Undefined array key" occurring when processing an incorrect report file (#132)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 27, 2024
v0.8.2
Mostly frontend improvements, the highlights being improved video/audio sync and more flexible
input/hotkey mapping. Also adds Genesis overclocking support.
Input/hotkey configuration is not compatible with previous versions; input configuration is now stored in a different format, and all input-related settings will one-time revert to defaults if using a config file from a previous version
Save states are not compatible with previous versions
New Features
Video/audio sync improvements which should enable significantly improved frame pacing without needing to rely on 60Hz VSync (which can cause very noticeable input latency on some platforms)
Added a new "frame time sync" option that uses the host system clock to match the emulated system's framerate and frame timing as closely as possible without relying on host GPU synchronization (i.e. VSync)
Added a new option for dynamic audio resampling ratio, which periodically adjusts the audio resampling ratio to try and avoid audio buffer underflows and overflows (which both cause audio popping)
This is implemented in a very conservative way in order to avoid audible differences in audio pitch, so it is not completely guaranteed to prevent audio buffer underflow/overflow
Audio sync now checks the audio buffer size every 16 samples enqueued rather than only checking once per frame, which should significantly reduce stuttering when audio sync is enabled without VSync or frame time sync
Adjusted default sync/audio settings values to hopefully make stuttering and audio popping less likely when running with default settings
In the GUI, video/audio sync settings have been moved to a new window under Settings > Synchronization
Input mapping overhaul to make input mapping/configuration more flexible (#134 / #137)
Keyboard and gamepad settings are no longer separate configurations; each system now supports up to 2 mappings for each emulated button where each mapping can be a keyboard key, a gamepad input, or a mouse button
Key/input/button combinations (2 or 3 simultaneous inputs) are now supported for mappings in addition to individual keys/inputs
Hotkeys can now be mapped to gamepad inputs, mouse buttons, and combinations in addition to individual keyboard keys
Each input settings window now has a button to apply one of two keyboard presets for P1 inputs, one with arrow keys mapped to the d-pad and one with WASD mapped to the d-pad
Added a new set of hotkeys for saving/loading specific save state slots (#134)
(Genesis / Sega CD / 32X) Added an option to overclock the main Genesis CPU (the 68000) by decreasing the master clock divider, which can reduce or eliminate slowdown in games (#133)
Note that this is a fairly naive form of overclocking that works very well in many games but very poorly in some games; use with caution
As far as SCD/32X, from my testing overclocking the 68000 almost always causes problems in 32X games (which are normally bottlenecked on SH-2 speed anyway), but it does fix slowdown in some Sega CD games
(SMS / Game Gear) Replaced the "double Z80 CPU speed" setting with an option to overclock at finer granularity by decreasing the Z80 master clock divider
Same caveat as above regarding this form of overclocking working very poorly in some games, and this is more of an issue for SMS/Game Gear than it is for Genesis/Sega CD
Added an option to only hide the mouse cursor when in fullscreen, in addition to the previous settings of "always hide" and "never hide"
Added an option to change the fullscreen mode from borderless to exclusive
Added an option to change the audio output frequency from 48000 Hz to 44100 Hz
Improvements
(Genesis / Sega CD) Slightly improved performance by advancing the emulated clock in larger intervals while a long VDP DMA is in progress
(32X) Slightly improved performance by optimizing SH-2 instruction decoding
(GB) Improved video frame delivery behavior when the PPU is powered off to make it play a little nicer with VSync and frame time sync
The emulator window is now explicitly focused/raised when a game is loaded; previously this wouldn't always happen automatically, particularly on Windows
Fixes
(Sega CD) Slightly extended the delay between a game sending a CDD Play/Read command and the CD drive reading the first sector; this fixes Time Gal having excruciatingly long "load times"
"Load times" in quotes because the game was actually getting confused and repeatedly re-reading the same CD-ROM sectors until various interrupts happened to trigger at exactly the right times relative to each other
(Sega CD) Fixed a bug where some backend settings would not correctly persist after loading a save state (they would temporarily revert to what they were when the save state was created)
v0.8.1
Small release with mostly bugfixes and a few save state-related features
SMS/Game Gear and NES save states are not compatible with previous versions, other systems' save states should be compatible
Features
Made the game save file and save state locations configurable (#132)
Can be set to the same folder as the ROM image (same as previous behavior), subdirectories in the emulator folder, or custom paths
Added a new --load-save-state <SLOT> command-line arg to load a specific save state slot at game launch (#132)
Added an option to attempt to load the most recently saved state when launching a game
If this option is set when there are no save states or the most recent state cannot be loaded, the game will boot normally
(Game Gear) Added an option to render at SMS resolution (256x192) instead of native resolution (160x144)
The expanded parts of the frame often contain garbage because they weren't meant to be visible, but they sometimes contain an expanded playfield
Fixes
(Sega CD) Fixed a bug where loading a save state could possibly crash the emulator due to a stack overflow; this was particularly likely to happen on Windows due to the small default stack size
This was caused by the state deserialization code inadvertently deserializing some very large arrays into the stack before moving them to the heap, rather than deserializing directly into the heap
(SMS/Game Gear) Fixed the VDP display disabled implementation so that it properly blanks the display rather than leaving the previous frame onscreen
(SMS) Fixed the NTSC/PAL and SMS Model settings not having any effect when loading a game from a .zip/.7z file rather than a .sms file
(NES) Fixed multiple bugs related to how the PPU determines what color to display when rendering is disabled while PPUADDR points to palette RAM; this fixes Micro Machines having a solid gray bar in the middle of the title screen, as well as several test ROMs that rely on this hardware quirk for high-color display (#53 / #55 / #56)
GUI: Saving or loading a save state slot from the GUI window now also changes the selected save state slot
CLI: Fixed
the 32X option missing from the help text for the --hardware arg (#131)
The video memory viewer window now renders without VSync; this fixes likely stuttering and audio popping while the memory viewer window is open
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 2, 2024
# wk 0.9.4 - Ensure package tests pass against sf 1.0-18 (#224, #225). # wk 0.9.3 - Ensure package compiles with `STRICT_R_HEADERS=1` (#222). # wk 0.9.2 - Add `wk_crs()` and `wk_set_crs()` methods for `bbox` (#213) - Fix wk_trans inconsistent meta flags handling (#217) - Ensure package builds on arm64 for Windows (#220) # wk 0.9.1 - Fix format strings/arguments for R-devel (#209). # wk 0.9.0 ## Breaking changes - The common well-known binary representation of POINT EMPTY (i.e., POINT (nan nan)) is now handled as POINT EMPTY allowing empty points to roundtrip through `wkb()` vectors (#196, #204). - `xy(NA, NA)` is now read as a null feature instead of POINT EMPTY. This preserves the invariant that null features can also be identified using `is.na()` (#205). - `xy(NaN, NaN)` is now read as POINT EMPTY and `is.na(xy(NaN, NaN))` now returns `FALSE`. This means that both EMPTY and null points can roundtrip through `xy()` (#205). ## Bugfixes and improvements - `wk_meta()` now contains a new column `is_empty`, which is `TRUE` for any feature that contains at least one non-empty coordinate. This allows more efficient detection of features with zero coordinates (#197, #199). - Updated PROJ data to use the latest pull of the database packaged with PROJ 9.3.0 (#201). - The wk package now compiles once again on gcc 4.8 (#203, #206). - Fixed `sfc_writer()` to correctly attach the `classes` attribute to sfc output with mixed geometry types (#195). - Function `sfc_writer()` now has an argument `promote_multi` to write any input as the MULTI variant. This makes it more likely that an input vector will be read as a single geometry type (#198). - The `wk_collection_filter()` now correctly increments the `part_id` when calling the child handler (@brownag, #194). # wk 0.8.0 * Added `wkb_to_hex()` (@anthonynorth, #183). * Implemented `vctrs::vec_proxy_equal()` for `wkb()` vctrs (@anthonynorth, #183). * Fixed `sfc_writer()`, which had returned NULL for some inputs (e.g., via `wk_collection()`) (@anthonynorth, #182, #186). * Added `wk_clockwise()` and `wk_counterclockwise()` to re-wind polygon rings (@anthonynorth, #188). * New replacement-function mode for `wk_coords<-()` for in-place modification of coordinates (@mdsumner, #187). * New function `wk_trans_explicit()` migrated from crs2crs (@mdsumner, #187). # wk 0.7.3 * Fix tests for updated waldo package (#178). # wk 0.7.2 * Fix use-after-free warnings. # wk 0.7.1 * Fix implicit reliance on error `as.data.frame.default()`, which no longer occurs in r-devel (#166). # wk 0.7.0 * Remove legacy headers that are no longer used by any downstream package (#146). * `validate_wk_wkt()` now errors for an object that does not inherit from 'wk_wkt' (#123, #146). * Added `wk_crs_projjson()` to get a JSON representation of a CRS object. To make lookup possible based on shortcut-style CRS objects (e.g., `"EPSG:4326"` or `4326`), added data objects `wk_proj_crs_view` and `wk_proj_crs_json` that contain cached versions of rendered PROJJSON based on the latest PROJ version (#147). * Added a `wk_crs_proj_definition()` method for `wk_crs_inherit()` (#136, #147). * Conversion to sf now uses the `sfc_writer()` for all wk classes, making conversions faster and fixing at least one issue with conversion of NA geometries to sf (#135). * `wk_plot()` now plots `NULL`/`NA` geometries and mixed geometry types more reliably (#142, #143, #149). * Exported EMPTY geometries to well-known text now include dimension (e.g., `POINT Z EMPTY`) (#141, #150). * Fixed bug where `wk_polygon()` doubled some points when the input contained closed rings (#134, #151). * Fixed bug where `wk_count()` exposed uninitialized values for empty input (#139, #153). * The `xy_writer()` now opportunistically avoids allocating vectors for Z or M values unless they are actually needed (#131, #154). * Added example WKT for all geometry types and dimensions plus helper `wk_example()` to access them and set various properties (#155). * Fixes warnings when compiling with `-Wstrict-prototypes` (#157, #158). * Removed `wk_chunk_map_feature()` in favour of using chunking strategies directly (#132, #159). * Optimized `wk_coords()` for `xy()` objects (#138, #160). * Added accessor methods for record-style vectors: `rct_xmin()`, `rct_xmax()`, `rct_ymin()`, `rct_ymax()`, `rct_width()`, `rct_height()`, `crc_center()`, `crc_x()`, `crc_y()`, `crc_r()`, `xy_x()`, `xy_y()`, `xy_z()`, and `xy_m()` (#144, #161). * Added rectangle operators `rct_intersects()`, `rct_contains()`, and `rct_intersection()` (#161). # wk 0.6.0 * Fixed `wk_affine_rescale()` to apply the translate and scale operations in the correct order (#94). * Add `wk_handle_slice()` and `wk_chunk_map_feature()` to support a chunk + apply workflow when working with large vectors (#101, #107). * C and R code was rewritten to avoid materializing ALTREP vectors (#103, #109). * Added a `wk_crs_proj_definition()` generic for foreign CRS objects (#110, #112). * Added `wk_crs_longlat()` helper to help promote authority-compliant CRS choices (#112). * Added `wk_is_geodesic()`, `wk_set_geodesic()`, and argument `geodesic` in `wkt()` and `wkb()` as a flag for objects whose edges must be interpolated along a spherical/ellipsoidal trajectory (#112). * Added `sf::st_geometry()` and `sf::st_sfc()` methods for wk geometry vectors for better integration with sf (#113, #114). * Refactored well-known text parser to be more reusable and faster (#115, #104). * Minor performance enhancement for `is.na()` and `validate_wk_wkb()` when called on a very long `wkb()` vector (#117). * Fixed issue with `validate_wk_wkb()` and `validate_wk_wkt()`, which failed for most valid objects (#119). * Added `wk_envelope()` and `wk_envelope_handler()` to compute feature-wise bounding boxes (#120, #122). * Fixed headers and tests to pass on big endian systems (#105, #122). * Incorporated the geodesic attribute into vctrs methods, data frame columns, and bbox/envelope calculation (#124, #125). * Fix `as_xy()` for nested data frames and geodesic objects (#126, #128). * Remove deprecated `wkb_problems()`, `wkt_problems()`, `wkb_format()`, and `wkt_format()` (#129). * `wk_plot()` is now an S3 generic (#130). # wk 0.5.0 * Fixed bugs relating to the behaviour of wk classes as vectors (#64, #65, #67, #70). * `crc()` objects are now correctly exported as polygons with a closed loop (#66, #70). * Added `wk_vertices()` and `wk_coords()` to extract individual coordinate values from geometries with optional identifying information. For advanced users, the `wk_vertex_filter()` can be used as part of a pipeline to export coordinates as point geometries to another handler (#69, #71). * Added `wk_flatten()` to extract geometries from collections. For advanced users, the `wk_flatten_filter()` can be used as part of a pipeline (#75, #78). * `options("max.print")` is now respected by all vector classes (#72, #74). * Moved implementation of plot methods from wkutils to wk to simplify the dependency structure of both packages (#80, #76). * Added `wk_polygon()`, `wk_linestring()`, and `wk_collection()` to construct polygons, lines, and collections. For advanced users, `wk_polygon_filter()`, `wk_linestring_filter()`, and `wk_collection_filter()` can be used as part of a pipeline (#77, #84). * Added a C-level transform struct that can be used to simplify the the common pattern of transforming coordinates. These structs can be created by other packages; however, the `wk_trans_affine()` and `wk_trans_set()` transforms are also built using this feature. These are run using the new `wk_transform()` function and power the new `wk_set_z()`, `wk_set_m()`, `wk_drop_z()`, `wk_drop_m()`, functions (#87, #88, #89). # wk 0.4.1 * Fix LTO and MacOS 3.6.2 check errors (#61). # wk 0.4.0 * Removed `wksxp()` in favour of improved `sf::st_sfc()` support (#21). * Rewrite existing readers, writers, and handlers, using a new C API (#13). * Use new C API in favour of header-only approach for all wk functions (#19, #22). * Use cpp11 to manage safe use of callables that may longjmp from C++. * Vector classes now propagate `attr(, "crs")`, and check that operations that involve more than one vector have compatable CRS objects as determined by `wk_crs_equal()`. * Added an R-level framework for other packages to implement wk readers and handlers: `wk_handle()`, `wk_translate()`, and `wk_writer()` (#37). * Added a native reader and writer for `sf::st_sfc()` objects and implemented R-level generics for sfc, sfg, sf, and bbox objects (#28, #29, #38, #45). * Implement `crc()` vector class to represent circles (#40). * Added a 2D cartesian bounding box handler (`wk_bbox()`) (#42). * Refactored unit tests reflecting use of the new API and for improved test coverage (#44, #45, #46). * Added `wk_meta()`, `wk_vector_meta()`, and `wk_count()` to inspect properties of vectors (#53). * Modified all internal handlers such that they work with vectors of unknown length (#54). # wk 0.3.4 * Fixed reference to `wkutils::plot.wk_wksxp()`, which no longer exists. # wk 0.3.3 * Fixed WKB import of ZM geometries that do not use EWKB. * Added `xy()`, `xyz()`, `xym()` and `xyzm()` classes to efficiently store point geometries. * Added the `rct()` vector class to efficiently store two-dimensional rectangles. * Fixed the CRAN check failure caused by a circular dependency with the wkutils package. * Added S3 methods to coerce sf objects to and from `wkt()`, `wkb()` and `wksxp()`. # wk 0.3.2 * Fixed EWKB output for collections and multi-geometries that included SRID (#3). * Fixed CRAN check errors related to exception handling on MacOS/R 3.6.2. # wk 0.3.1 * Added a `NEWS.md` file to track changes to the package.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 10, 2024
2.6.0 (2024-11-24) External changes * Expectation with never cardinality should display deprecation warning (#681) - thanks to @ducmtran for reporting and testing WARNING: This release results in some incorrect deprecation warnings: * The logic for displaying the deprecation warnings is fixed in v2.6.1 (#686). Internal changes * Simplify backtrace related assertions (#680) * Remove unused ExpectationList#match_but_out_of_order (f2fa9919) 2.6.1 (2024-11-28) External changes * Fix logic for displaying deprecation warning for expectation with never cardinality (#686) - thanks to @davidstosik for reporting 2.7.0 (2024-12-07) External changes * Fail fast if invocation matches never expectation (#679, #678, #490, #131 & #44) - thanks to @ducmtran & @davidstosik for reporting Internal changes * Workaround for JRuby jar-dependencies issue (#690) * Ruby v3.4 stacktrace uses single-quote vs backtick (#688 & #689) - thanks to Vít Ondruch WARNING: This release fixes a very old bug * The bug relates to the use of Expectation#never in combination with other expectations on the same method. * Please ensure you fix the relevant deprecation warnings when running against v2.6.1 before upgrading to v2.7.0. * Previously, the following test would have passed, but now it will fail with an unexpected invocation error on the foo.bar line. foo = mock('foo') foo.stubs(:bar) foo.expects(:bar).never foo.bar 2.7.1 (2024-12-09) External changes * Deprecate Configuration#stubbing_method_on_nil= (#694) * Indicate when parameter matcher logic is defined by block passed to Expectation#with (#698, b30e4434) * Improve documentation for Expectation#with, especially when it is passed a block (#698, #682, #606 & #681)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 17, 2024
What's Changed
Fix typo, add links, and formatting by @grahammiln in #128
README change binary name in usage example by @mikelolasagasti in #126
gha: update golangci-lint to v1.62.2 by @thaJeztah in #131
Preserve compatibility with go <= 1.17 by @thaJeztah in #130
update minimum go version to go1.12, and test in gh by @thaJeztah in #129
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 30, 2024
# downlit 0.4.4 * Use simpler parsing algorithm for R 4.0, which avoids crash with certain UTF-8 characters (#189). # downlit 0.4.3 * Fix for upcoming R-devel (#169). # downlit 0.4.2 * `highlight()` no longer errors if a package imputed to have been attached isn't installed. * Correctly link `requireNamespace(MASS)` (#151). # downlit 0.4.1 ## Syntax highlighting * Supports new base pipe `|>` syntax (#126). * Every line get its own `<span>` to match pandoc (#122). * Multi-line tokens (e.g. strings) now get a `<span>` per line (#139). * Very long strings or other tokens are no longer truncated (@dmurdoch, #128). ## Auto-linkg * Function calls (in inline and code blocks) will no longer to non-function topics (#135). * Re-exports detection no longer relies on name of `.Rd` file (#134). * Link to correct topic with `::()` and `utils::help()` (@IndrajeetPatil, #131). * Generate correct link for Bioconductor vignettes (@zeehio, #145)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 10, 2025
## 2.1.2 Fix a breaking change (#325) introduced by the previous fix for #131. Prelude is no longer used by Happy. ## 2.1.1 This release fixes two breaking changes: * Properly qualify all uses of Prelude functions, fixing #131 * Bring back the old `%errorhandlertype` directive, the use of which is discouraged in favour of the "Reporting expected tokens" mechanism in Happy 2.1, accesible via `%error.expected`. ## 2.1 * Added `--numeric-version` CLI flag. * Documented and implemented the new feature "Resumptive parsing with ``catch``" * Documented (and reimplemented) the "Reporting expected tokens" feature (which turned to cause a breaking change in this release: #320) ## 2.0.2 The 2.0.1 release in turn exposed two more regressions: * Generated code uses PatternGuards without declaring it (#309) * Use of `happy-lib:*` syntax to depend on private library components triggered a bug in Cabal versions 3.0 and 3.2 (#311) This release fixes both. ## 2.0.1 The 2.0 release changed the indentation character from tabs to two spaces, triggering an unforced breaking change in GHC (#303). This release provides the fix by using eight spaces for indentation. ## 2.0 There are two main breaking changes in this release: 1. Removed non-array, non-GHC modes, so flags `-ag` are the default now and become no-ops. 2. Generated parsers now activate the language extension `-XNoStrictData` without which every use of a happy parser would lead to an immediate crash (#273). This causes us to drop support for GHC < 8.0. Furthermore, the project structure was modularized and a library `happy-lib` containing the implmentation of the `happy` executable was extracted. Quite similar to the situation with GHC vs. the GHC API, we expect that `happy` will continue to be a stable CLI tool with solid (if occasionally out of date) documentation, while the design, documentation and implementation of `happy-lib` is still in flux and use is only recommended to expert users. Other, more minor changes: * Revert the new bootstrapping system of 1.21.0 to mitigate build issues (#255, #274). * Encode action table offsets in 32 bit instead of 16 bit (#93, #199, #266). This increases the size of generated parsers a bit (about 250KB for GHC's parser), but also manages to generate parsers for grammars that were previously running into the size limit (#199). * The documentation has been converted to ReStructuredText, hosted at https://haskell-happy.readthedocs.io/en/latest/ (#226) * A few internal refactorings to the structure of generated code.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.