-
-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zipfile.Path regression #123270
Comments
Paths like >>> import io, zipfile
>>> zf = zipfile.ZipFile(io.BytesIO(), "w")
>>> zf.writestr("foo//bar", "text")
>>> zf.namelist()
['foo//bar']
>>> p = zipfile.Path(zf)
>>> p.root.namelist() # before: ['foo//bar', 'foo/']
['foo/bar', 'foo/']
>>> x = p / "foo//bar"
>>> y = p / "foo" / "bar"
>>> x.exists() # before: True
False
>>> y.exists() # before: False
True
>>> x.read_text() # before: works, returns 'text'
FileNotFoundError: ...
>>> y.read_text() # before: FileNotFoundError
KeyError: "There is no item named 'foo/bar' in the archive" >>> import io, zipfile
>>> zf = zipfile.ZipFile(io.BytesIO(), "w")
>>> zf.writestr("foo\\bar", "text")
>>> zf.namelist()
['foo\\bar']
>>> p = zipfile.Path(zf)
>>> p.root.namelist() # before: ['foo\\bar']
['foo/bar', 'foo/']
>>> x = p / "foo\\bar"
>>> y = p / "foo" / "bar"
>>> x.exists() # before: True
False
>>> y.exists() # before: False
True
>>> x.read_text() # before: works, returns 'text'
FileNotFoundError: ...
>>> y.read_text() # before: FileNotFoundError
KeyError: "There is no item named 'foo/bar' in the archive" |
cc @jaraco |
Sanitising is good. But e.g. |
# before
>>> import io, os, zipfile
>>> zf = zipfile.ZipFile(io.BytesIO(), "w")
>>> zf.writestr("foo/bar", "one")
>>> zf.writestr("foo\\bar", "two")
>>> zf.namelist()
['foo/bar', 'foo\\bar']
>>> zf.extractall("a")
>>> os.system("tree a")
a
├── foo
│ └── bar
└── foo\bar
>>> p = zipfile.Path(zf)
>>> p.root.namelist()
['foo/bar', 'foo\\bar', 'foo/']
>>> (p / "foo" / "bar").read_text()
'one'
>>> (p / "foo\\bar").read_text()
'two'
# after
>>> import io, os, zipfile
>>> zf = zipfile.ZipFile(io.BytesIO(), "w")
>>> zf.writestr("foo/bar", "one")
>>> zf.writestr("foo\\bar", "two")
>>> p = zipfile.Path(zf)
>>> zf.namelist()
['foo/bar', 'foo/bar', 'foo/']
>>> zf.extractall("a")
>>> os.system("tree a")
a
└── foo
└── bar
>>> (p / "foo" / "bar").read_text()
'one'
>>> (p / "foo\\bar").read_text()
FileNotFoundError: ... |
Keeping a |
My expectation was that paths affected by sanitizing would not be supported.
My goal is to provide a (perhaps constrained) interface that's portable and provides consistent behavior independent of platform. I'll have to think about this some more
I was not expecting that Can you say more about the use-cases that are affected by these paths? What causes these zip files to exist? What does the author of such a zip file expect to happen when consumed by a zipfile client? |
Are these file names common? Maybe not. But on Linux these are perfectly acceptable file names. And whilst they may indeed cause portability issues for Windows users and I would thus avoid them when creating ZIP files for use on Windows, the ZIP format also considers them perfectly acceptable. I myself have quite a few music files with odd file names; song titles can be quite varied. And whilst I've sometimes run into problems extracting those files on other operating systems I have never had issues creating or listing ZIP files. File names like
Tools like I generally expect to be able to take any directory tree and turn it into a ZIP file without having to worry about file names containing colons or backslashes. Or at the most that I might need to be careful when extracting them on Windows. I would not expect to have problems merely listing the contents, especially when not even using Windows. So it is very surprising when |
And my expectation would be that such paths would be either explicitly rejected as malformed if they cannot reasonably be supported. Or when they can be, handled gracefully with a portable interface that maps sanitised names providing a consistent interface that can reasonably be supported onto the underlying file names instead of simply causing attempts to read files to fail because the underlying file name does not match the sanitised one. And before this change, |
This worked perfectly fine before. Now it raises >>> zf = zipfile.ZipFile("foo.zip", "r")
>>> zf.namelist()
['d:/', 'd:/foo\\bar']
>>> p = zipfile.Path(zf)
>>> (p / "d:").is_dir()
True
>>> (p / "d:" / "foo\\bar").read_text()
'Hi!\n' And if >>> (p / "d" / "foo" / "bar").is_file()
True
>>> (p / "d" / "foo" / "bar").read_text()
KeyError: "There is no item named 'd/foo/bar' in the archive" |
Note that it's not just Meanwhile, this seems incorrect: >>> zipfile._path.SanitizedNames._sanitize("d:/foo")
'd/foo'
>>> zipfile._path.SanitizedNames._sanitize("/d:/foo")
'd:/foo' |
Meanwhile, as I posted here, the only fix needed for the infinite loop would be the loop condition here: cpython/Lib/zipfile/_path/__init__.py Lines 53 to 55 in 52caaef
This should work: while path and path != posixpath.sep * len(path):
yield path
path, tail = posixpath.split(path) Or this: while path:
yield path
head, tail = posixpath.split(path)
if head == path:
break
path = head |
It seems I've stumbled into a hornets nest. When I received the report about the infinite loops, my objective was to try to understand the broader problem and not simply address an issue with the infinite loops. I sought to figure out why
Yeah, that's unfortunate, but I think zipfile.Path does not wish to support this name because it isn't valid on commonly-found operating systems... or to support the name, but in a uniform way. In my opinion, it's more desirable to have a consistent behavior than to have varying behavior depending on platform. On the other hand, supporting this name for traversal on any operating system should be fine, right up until the point that these files are manifest on the file system, such as
Yes, I agree. Probably all colons should be disallowed.
That's a good point, and not something I considered when sanitizing, and really suggests that sanitizing early is much more complicated than it sounds.
The more I think about it, the more I'm liking this approach. Leave the path segments unaffected and let them fail if the user uses a name that's not valid on a platform. In that way, the path The real problem, I think, is that we also want to protect against other separators, like Should zipfile.Path consider
So it seems reasonable to just treat backslashes and dots and everything else as part of the path segment and not a path separator, and let the OS fail if anything attempts to create those as files or directories in the system (e.g. I'm now convinced, |
In jaraco/zipp#124, I've started work on the issue. |
…slash. Alternate and more surgical fix for #119. Ref python/cpython#123270
…slash. Alternate and more surgical fix for #119. Ref python/cpython#123270
…slash. Alternate and more surgical fix for #119. Ref python/cpython#123270
I tried applying this, and it does address the infinite loop. I ended up using In jaraco/zipp@0a3a7b4, I had to adjust the expectation for |
Using
One of several essentially equivalent fixes (assuming no change in behaviour of |
I found something I think I like even better: diff --git a/zipp/__init__.py b/zipp/__init__.py
index 0b7b44325fe..a3f0b1b481f 100644
--- a/zipp/__init__.py
+++ b/zipp/__init__.py
@@ -65,7 +65,7 @@ def _ancestry(path):
['//b//d///f', '//b//d', '//b']
"""
path = path.rstrip(posixpath.sep)
- while path and not path.endswith(posixpath.sep):
+ while path.rstrip(posixpath.sep):
yield path
path, tail = posixpath.split(path)
Because it combines the check for "empty" and "is only slashes" into one check. |
Is the plan to revert #122906 from all the security branches, and just put the fix for this on >3.11? Or is this going to be backported into all the security-only versions as well? |
My plan is to apply the change to security-only versions. Reverting the change would revive the vulnerability. |
Thanks for raising this concern. I was thinking about it too, and here's my thinking: Because of the way that |
I agree that the specific code from |
Yeah, that does appear potentially problemmatic. I see a few possible options:
To be sure, the draft as proposed does still address the originally-reported vulnerability, so it's not a regression in security from that perspective, but still it would be nice not to open up prospects for other vulnerabilities. |
…fix. (pythonGH-123354) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
…rgical fix. (pythonGH-123354) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286) (cherry picked from commit 17b77bb) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
…gical fix. (pythonGH-123354) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286) (cherry picked from commit 17b77bb) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
…re surgical fix. (pythonGH-123354) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286) (cherry picked from commit 17b77bb) (cherry picked from commit 66d3383) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
…3612) Bumps the minor-python group in /shared_requirements with 7 updates: | Package | From | To | | --- | --- | --- | | [certifi](https://github.com/certifi/python-certifi) | `2024.7.4` | `2024.8.30` | | [googleapis-common-protos[grpc]](https://github.com/googleapis/python-api-common-protos) | `1.63.2` | `1.65.0` | | [grpcio-status](https://grpc.io) | `1.66.0` | `1.66.1` | | [grpcio](https://github.com/grpc/grpc) | `1.66.0` | `1.66.1` | | [numpy](https://github.com/numpy/numpy) | `2.0.1` | `2.1.0` | | [pylint](https://github.com/pylint-dev/pylint) | `3.2.6` | `3.2.7` | | [zipp](https://github.com/jaraco/zipp) | `3.20.0` | `3.20.1` | Updates `certifi` from 2024.7.4 to 2024.8.30 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/325c2fde4f8eec10d682b09f3b0414dc05e69a81"><code>325c2fd</code></a> 2024.08.30 (<a href="https://redirect.github.com/certifi/python-certifi/issues/304">#304</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/d66bf5fccbb2b13b033841ef86ad261ab9915833"><code>d66bf5f</code></a> Bump actions/upload-artifact from 4.3.5 to 4.3.6 (<a href="https://redirect.github.com/certifi/python-certifi/issues/302">#302</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/2150f23ee178c923fb05913e516d168dd841f9e3"><code>2150f23</code></a> Bump actions/upload-artifact from 4.3.4 to 4.3.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/301">#301</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/fc9b771c1e5bd5f0f97534464c16a6ab785d5592"><code>fc9b771</code></a> Bump actions/setup-python from 5.1.0 to 5.1.1 (<a href="https://redirect.github.com/certifi/python-certifi/issues/300">#300</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/965b2391df4bdce03fb07bf8cc19003585b43599"><code>965b239</code></a> Bump actions/download-artifact from 4.1.7 to 4.1.8 (<a href="https://redirect.github.com/certifi/python-certifi/issues/297">#297</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c1f50ccd010b428caeb105255638e67be7c64f5c"><code>c1f50cc</code></a> Bump actions/upload-artifact from 4.3.3 to 4.3.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/296">#296</a>)</li> <li>See full diff in <a href="https://github.com/certifi/python-certifi/compare/2024.07.04...2024.08.30">compare view</a></li> </ul> </details> <br /> Updates `googleapis-common-protos[grpc]` from 1.63.2 to 1.65.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/googleapis/python-api-common-protos/releases">googleapis-common-protos[grpc]'s releases</a>.</em></p> <blockquote> <h2>v1.65.0</h2> <h2><a href="https://github.com/googleapis/python-api-common-protos/compare/v1.64.0...v1.65.0">1.65.0</a> (2024-08-27)</h2> <h3>Features</h3> <ul> <li>Add field <code>experimental_features</code> to message <code>PythonSettings</code> (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/249">#249</a>) (<a href="https://github.com/googleapis/python-api-common-protos/commit/139490fedcebf1a6674d9cf058226e6814208619">139490f</a>)</li> </ul> <h2>v1.64.0</h2> <h2><a href="https://github.com/googleapis/python-api-common-protos/compare/v1.63.2...v1.64.0">1.64.0</a> (2024-08-26)</h2> <h3>Features</h3> <ul> <li>Add FieldInfo.referenced_types for generics (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Un-deprecate Endpoint.aliases field (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Fix formatting in http.proto comments (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> <li>Improve MethodSettings selector examples (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> <li>Reformat comments in context proto (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> <li>Update ResourceDescriptor.plural docs with AIP-122 nested collections guidance (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/googleapis/python-api-common-protos/blob/main/CHANGELOG.md">googleapis-common-protos[grpc]'s changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/googleapis/python-api-common-protos/compare/v1.64.0...v1.65.0">1.65.0</a> (2024-08-27)</h2> <h3>Features</h3> <ul> <li>Add field <code>experimental_features</code> to message <code>PythonSettings</code> (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/249">#249</a>) (<a href="https://github.com/googleapis/python-api-common-protos/commit/139490fedcebf1a6674d9cf058226e6814208619">139490f</a>)</li> </ul> <h2><a href="https://github.com/googleapis/python-api-common-protos/compare/v1.63.2...v1.64.0">1.64.0</a> (2024-08-26)</h2> <h3>Features</h3> <ul> <li>Add FieldInfo.referenced_types for generics (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Un-deprecate Endpoint.aliases field (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Fix formatting in http.proto comments (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> <li>Improve MethodSettings selector examples (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> <li>Reformat comments in context proto (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> <li>Update ResourceDescriptor.plural docs with AIP-122 nested collections guidance (<a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be">2ba3577</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/googleapis/python-api-common-protos/commit/f30115b7302afc91bf06f210a270a6530b7fafdf"><code>f30115b</code></a> chore(main): release 1.65.0 (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/250">#250</a>)</li> <li><a href="https://github.com/googleapis/python-api-common-protos/commit/139490fedcebf1a6674d9cf058226e6814208619"><code>139490f</code></a> feat: Add field <code>experimental_features</code> to message <code>PythonSettings</code> (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/249">#249</a>)</li> <li><a href="https://github.com/googleapis/python-api-common-protos/commit/9099f715cd7fa6b5d796c8ceddcb852e367b2bc2"><code>9099f71</code></a> chore(main): release 1.64.0 (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/248">#248</a>)</li> <li><a href="https://github.com/googleapis/python-api-common-protos/commit/2ba35774cb6ea31513b1985e3a391c5c3435e7be"><code>2ba3577</code></a> feat: add FieldInfo.referenced_types for generics (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/247">#247</a>)</li> <li><a href="https://github.com/googleapis/python-api-common-protos/commit/f949829be77f2d4e3fde59ddc4e15cbfc60639c8"><code>f949829</code></a> chore(python): use python 3.10 for docs build (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/243">#243</a>)</li> <li><a href="https://github.com/googleapis/python-api-common-protos/commit/996bf2bffa13ed2ffb6dd0321c84a0c132802eb7"><code>996bf2b</code></a> chore: update templated files (<a href="https://redirect.github.com/googleapis/python-api-common-protos/issues/239">#239</a>)</li> <li>See full diff in <a href="https://github.com/googleapis/python-api-common-protos/compare/v1.63.2...v1.65.0">compare view</a></li> </ul> </details> <br /> Updates `grpcio-status` from 1.66.0 to 1.66.1 Updates `grpcio` from 1.66.0 to 1.66.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc/releases">grpcio's releases</a>.</em></p> <blockquote> <h2>Release v1.66.1</h2> <p>This is release gRPC Core 1.66.1 (gladiator).</p> <p>For gRPC documentation, see <a href="https://grpc.io/">grpc.io</a>. For previous releases, see <a href="https://github.com/grpc/grpc/releases">Releases</a>.</p> <p>This release contains refinements, improvements, and bug fixes.</p> <h1>Core</h1> <ul> <li>Enable EDS dualstack support by default (<a href="https://redirect.github.com/grpc/grpc/pull/37545">grpc/grpc#37545</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc/commit/e821cdc231bda9ee93139a6daab6311dd8953832"><code>e821cdc</code></a> [Release] Bump version to 1.66.1 (on v1.66.x branch) (<a href="https://redirect.github.com/grpc/grpc/issues/37570">#37570</a>)</li> <li><a href="https://github.com/grpc/grpc/commit/c8ada9c7ee26074392f7cacefda01d1016d9f9d7"><code>c8ada9c</code></a> [dualstack] enable EDS dualstack support by default (backport to 1.66.x) (<a href="https://redirect.github.com/grpc/grpc/issues/37">#37</a>...</li> <li>See full diff in <a href="https://github.com/grpc/grpc/compare/v1.66.0...v1.66.1">compare view</a></li> </ul> </details> <br /> Updates `numpy` from 2.0.1 to 2.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/numpy/numpy/releases">numpy's releases</a>.</em></p> <blockquote> <h2>2.1.0 (Aug 18, 2024)</h2> <h1>NumPy 2.1.0 Release Notes</h1> <p>NumPy 2.1.0 provides support for the upcoming Python 3.13 release and drops support for Python 3.9. In addition to the usual bug fixes and updated Python support, it helps get us back into our usual release cycle after the extended development of 2.0. The highlights for this release are:</p> <ul> <li>Support for the array-api 2023.12 standard.</li> <li>Support for Python 3.13.</li> <li>Preliminary support for free threaded Python 3.13.</li> </ul> <p>Python versions 3.10-3.13 are supported in this release.</p> <h2>New functions</h2> <h3>New function <code>numpy.unstack</code></h3> <p>A new function <code>np.unstack(array, axis=...)</code> was added, which splits an array into a tuple of arrays along an axis. It serves as the inverse of [numpy.stack]{.title-ref}.</p> <p>(<a href="https://redirect.github.com/numpy/numpy/pull/26579">gh-26579</a>)</p> <h2>Deprecations</h2> <ul> <li> <p>The <code>fix_imports</code> keyword argument in <code>numpy.save</code> is deprecated. Since NumPy 1.17, <code>numpy.save</code> uses a pickle protocol that no longer supports Python 2, and ignored <code>fix_imports</code> keyword. This keyword is kept only for backward compatibility. It is now deprecated.</p> <p>(<a href="https://redirect.github.com/numpy/numpy/pull/26452">gh-26452</a>)</p> </li> <li> <p>Passing non-integer inputs as the first argument of [bincount]{.title-ref} is now deprecated, because such inputs are silently cast to integers with no warning about loss of precision.</p> <p>(<a href="https://redirect.github.com/numpy/numpy/pull/27076">gh-27076</a>)</p> </li> </ul> <h2>Expired deprecations</h2> <ul> <li> <p>Scalars and 0D arrays are disallowed for <code>numpy.nonzero</code> and <code>numpy.ndarray.nonzero</code>.</p> <p>(<a href="https://redirect.github.com/numpy/numpy/pull/26268">gh-26268</a>)</p> </li> <li> <p><code>set_string_function</code> internal function was removed and <code>PyArray_SetStringFunction</code> was stubbed out.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/numpy/numpy/commit/2f7fe64b8b6d7591dd208942f1cc74473d5db4cb"><code>2f7fe64</code></a> Merge pull request <a href="https://redirect.github.com/numpy/numpy/issues/27236">#27236</a> from charris/prepare-2.1.0</li> <li><a href="https://github.com/numpy/numpy/commit/b6f434f852e9d1ed4f7de9a3a465b38171d54a61"><code>b6f434f</code></a> REL: Prepare for the NumPy 2.1.0 release [wheel build]</li> <li><a href="https://github.com/numpy/numpy/commit/3cf93948797fb81fc251c26cb90d6c44f8374c54"><code>3cf9394</code></a> Merge pull request <a href="https://redirect.github.com/numpy/numpy/issues/27234">#27234</a> from charris/backport-25984</li> <li><a href="https://github.com/numpy/numpy/commit/7443dcc915fea1e905f354da511e9e60da82e19c"><code>7443dcc</code></a> Merge pull request <a href="https://redirect.github.com/numpy/numpy/issues/27233">#27233</a> from charris/backport-27223</li> <li><a href="https://github.com/numpy/numpy/commit/85b1cab2ad5f418cca485042478622ce13a497a7"><code>85b1cab</code></a> BUG: Allow fitting of degree zero polynomials with Polynomial.fit</li> <li><a href="https://github.com/numpy/numpy/commit/395a81dee5be52b2acff817e6f16652d23181fc3"><code>395a81d</code></a> DOC: reword discussion about shared arrays to hopefully be clearer</li> <li><a href="https://github.com/numpy/numpy/commit/5af2e965a02137cd05706d8d395d8263f395f7c7"><code>5af2e96</code></a> Move NUMUSERTYPES thread safety discussion to legacy DType API docs</li> <li><a href="https://github.com/numpy/numpy/commit/d902c24b684e8ba5370a160a375beaa77bae5032"><code>d902c24</code></a> DOC: add docs on thread safety in NumPy</li> <li><a href="https://github.com/numpy/numpy/commit/c080180fabc1f8fcde14c27e3df2de8fcbe7cf03"><code>c080180</code></a> Merge pull request <a href="https://redirect.github.com/numpy/numpy/issues/27229">#27229</a> from charris/backport-27226</li> <li><a href="https://github.com/numpy/numpy/commit/44ce7e8f7b43c1045ad78eecaac0435fff491fae"><code>44ce7e8</code></a> BUG: Fix <code>PyArray_ZeroContiguousBuffer</code> (resize) with struct dtypes</li> <li>Additional commits viewable in <a href="https://github.com/numpy/numpy/compare/v2.0.1...v2.1.0">compare view</a></li> </ul> </details> <br /> Updates `pylint` from 3.2.6 to 3.2.7 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pylint-dev/pylint/commit/a98215b8c6a6203dd56366bcfe1cd946fb41282a"><code>a98215b</code></a> Bump pylint to 3.2.7, update changelog</li> <li><a href="https://github.com/pylint-dev/pylint/commit/1deaffababe77e8a025e3b2e5d564d4feb8d987f"><code>1deaffa</code></a> Fix to maintain order of package paths (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9887">#9887</a>) (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9897">#9897</a>)</li> <li><a href="https://github.com/pylint-dev/pylint/commit/b4c2951e62c6ba8e061d4c001192efdedcb6f498"><code>b4c2951</code></a> [Backport maintenance/3.2.x] Fix a crash in <code>undefined-loop-variable</code> with `e...</li> <li><a href="https://github.com/pylint-dev/pylint/commit/f1925f46ff4c93e7d191d24746b601cfeb0b4e3c"><code>f1925f4</code></a> Fix crash in refactoring checker when calling bound lambda (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9867">#9867</a>)</li> <li><a href="https://github.com/pylint-dev/pylint/commit/7d1626cf869dab1365150265bad45da7e4221bc1"><code>7d1626c</code></a> Fix a false positive <code>unreachable</code> for <code>NoReturn</code> coroutine functions (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9844">#9844</a>)...</li> <li>See full diff in <a href="https://github.com/pylint-dev/pylint/compare/v3.2.6...v3.2.7">compare view</a></li> </ul> </details> <br /> Updates `zipp` from 3.20.0 to 3.20.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jaraco/zipp/blob/main/NEWS.rst">zipp's changelog</a>.</em></p> <blockquote> <h1>v3.20.1</h1> <h2>Bugfixes</h2> <ul> <li><code>python/cpython#123270</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jaraco/zipp/commit/c23e5498d156fabfadcb26453dc363ef7d26e51a"><code>c23e549</code></a> Finalize</li> <li><a href="https://github.com/jaraco/zipp/commit/c2b9015366cf3f3b67a4e88c75833b9e3f498826"><code>c2b9015</code></a> Merge pull request <a href="https://redirect.github.com/jaraco/zipp/issues/124">#124</a> from jaraco/bugfix/gh-123270-supported-names</li> <li><a href="https://github.com/jaraco/zipp/commit/774a3ac67f5b827684e8c3b2e03c5f8bbb440593"><code>774a3ac</code></a> Add TODO to consolidate this behavior in CPython.</li> <li><a href="https://github.com/jaraco/zipp/commit/cc61e6140f0dfde2ff372db932442cf6df890f09"><code>cc61e61</code></a> Prefer simpler path.rstrip to consolidate checks for empty or only paths.</li> <li><a href="https://github.com/jaraco/zipp/commit/bec712f098666b1767502d793d36b51afd0d7e94"><code>bec712f</code></a> Mark unused code as uncovered.</li> <li><a href="https://github.com/jaraco/zipp/commit/fde82dcfdea5722c5126e83921773c629a8ba400"><code>fde82dc</code></a> Add news fragment.</li> <li><a href="https://github.com/jaraco/zipp/commit/a421f7e38d88ca9b6b58c89c6b3f141c07fdc588"><code>a421f7e</code></a> Invent DirtyZipInfo to create an unsanitized zipfile with backslashes.</li> <li><a href="https://github.com/jaraco/zipp/commit/0a3a7b4652e417f61de2458506d05570e22df018"><code>0a3a7b4</code></a> Refine expectation that paths with leading slashes are simply not visible.</li> <li><a href="https://github.com/jaraco/zipp/commit/f89b93f0370dd85d23d243e25dfc1f99f4d8de48"><code>f89b93f</code></a> Address infinite loop when zipfile begins with more than one leading slash.</li> <li><a href="https://github.com/jaraco/zipp/commit/3cb5609002263eb19f7b5efda82d96f1f57fe876"><code>3cb5609</code></a> Removed SanitizedNames.</li> <li>Additional commits viewable in <a href="https://github.com/jaraco/zipp/compare/v3.20.0...v3.20.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ben Hammond <benjamin.hammond@gmail.com>
…H-123354) (#123432) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286) (cherry picked from commit 17b77bb) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
…H-123354) (#123425) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> * Restore the slash-prefixed paths in the malformed_paths test.
…H-123354) (#123426) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286) (cherry picked from commit 17b77bb) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
I think documenting the caveats would be good.
Something like that might be nice. Though perhaps it could be more generic instead of being part of |
I opened two issues to track. I'm not planning on driving them, but I'm happy to guide and advise. Feel free to take one or both on, or help drive the conversation toward something that's acceptable. Thanks. |
Thanks. I have too many other projects to work on currently to take this on, but happy to comment and review when I can :) |
Hi, I'm new to contributing in general and have some experience in programming. I wanted to start by helping with documentation. How can I get started on this? |
I don't think there's anything here that needs documentation updates, since it's a bugfix. You should take a look at the devguide. |
But #123726 is about updating the documentation to explain the caveats regarding name sanitation as a result of the discussion here :) |
Bumps [zipp](https://github.com/jaraco/zipp) from 3.20.0 to 3.20.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jaraco/zipp/blob/main/NEWS.rst">zipp's changelog</a>.</em></p> <blockquote> <h1>v3.20.2</h1> <h2>Bugfixes</h2> <ul> <li>Make zipp.compat.overlay.zipfile hashable. (<a href="https://redirect.github.com/jaraco/zipp/issues/126">#126</a>)</li> </ul> <h1>v3.20.1</h1> <h2>Bugfixes</h2> <ul> <li><code>python/cpython#123270</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jaraco/zipp/commit/a575660e5c76daca0924f6e9520fd7109e05f424"><code>a575660</code></a> Make no assertions about the number. It could be negative.</li> <li><a href="https://github.com/jaraco/zipp/commit/0b3a1b9ddbc8d9f646d51810b082711bf03261c7"><code>0b3a1b9</code></a> Finalize</li> <li><a href="https://github.com/jaraco/zipp/commit/a4c79614a52f34d2999246d807538d46e5986feb"><code>a4c7961</code></a> Make zipp.compat.overlay.zipfile hashable.</li> <li><a href="https://github.com/jaraco/zipp/commit/d66007a66b7dbd88e69eaf59faae8b614cba256d"><code>d66007a</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/3fe8c5ba792fd58a5a24eef4e8a845f3b5dd6c2c"><code>3fe8c5b</code></a><code>jaraco/skeleton#146</code></li> <li><a href="https://github.com/jaraco/zipp/commit/81b766c06cc83679c4a04c2bfa6d2c8cc559bf33"><code>81b766c</code></a> Fix an incompatibility (and source of merge conflicts) with projects using Ru...</li> <li><a href="https://github.com/jaraco/zipp/commit/b8a63ca4b77d28eb808c457ec781ed3f8ba50671"><code>b8a63ca</code></a> Merge pull request <a href="https://redirect.github.com/jaraco/zipp/issues/125">#125</a> from saschanaz/patch-1</li> <li><a href="https://github.com/jaraco/zipp/commit/0b95ec706308342782231a9be2acd98be7ccf996"><code>0b95ec7</code></a> Suppress F821</li> <li><a href="https://github.com/jaraco/zipp/commit/5d2fa666ffae2e89a6e4ccbc5ed9b3a5b8d64fc0"><code>5d2fa66</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/a675458e1a7d6ae81d0d441338a74dc98ffc5a61"><code>a675458</code></a> Allow the workflow to be triggered manually.</li> <li>Additional commits viewable in <a href="https://github.com/jaraco/zipp/compare/v3.20.0...v3.20.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zipp&package-manager=pip&previous-version=3.20.0&new-version=3.20.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [zipp](https://github.com/jaraco/zipp) from 3.20.0 to 3.20.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jaraco/zipp/blob/main/NEWS.rst">zipp's changelog</a>.</em></p> <blockquote> <h1>v3.20.2</h1> <h2>Bugfixes</h2> <ul> <li>Make zipp.compat.overlay.zipfile hashable. (<a href="https://redirect.github.com/jaraco/zipp/issues/126">#126</a>)</li> </ul> <h1>v3.20.1</h1> <h2>Bugfixes</h2> <ul> <li><code>python/cpython#123270</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jaraco/zipp/commit/a575660e5c76daca0924f6e9520fd7109e05f424"><code>a575660</code></a> Make no assertions about the number. It could be negative.</li> <li><a href="https://github.com/jaraco/zipp/commit/0b3a1b9ddbc8d9f646d51810b082711bf03261c7"><code>0b3a1b9</code></a> Finalize</li> <li><a href="https://github.com/jaraco/zipp/commit/a4c79614a52f34d2999246d807538d46e5986feb"><code>a4c7961</code></a> Make zipp.compat.overlay.zipfile hashable.</li> <li><a href="https://github.com/jaraco/zipp/commit/d66007a66b7dbd88e69eaf59faae8b614cba256d"><code>d66007a</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/3fe8c5ba792fd58a5a24eef4e8a845f3b5dd6c2c"><code>3fe8c5b</code></a><code>jaraco/skeleton#146</code></li> <li><a href="https://github.com/jaraco/zipp/commit/81b766c06cc83679c4a04c2bfa6d2c8cc559bf33"><code>81b766c</code></a> Fix an incompatibility (and source of merge conflicts) with projects using Ru...</li> <li><a href="https://github.com/jaraco/zipp/commit/b8a63ca4b77d28eb808c457ec781ed3f8ba50671"><code>b8a63ca</code></a> Merge pull request <a href="https://redirect.github.com/jaraco/zipp/issues/125">#125</a> from saschanaz/patch-1</li> <li><a href="https://github.com/jaraco/zipp/commit/0b95ec706308342782231a9be2acd98be7ccf996"><code>0b95ec7</code></a> Suppress F821</li> <li><a href="https://github.com/jaraco/zipp/commit/5d2fa666ffae2e89a6e4ccbc5ed9b3a5b8d64fc0"><code>5d2fa66</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/a675458e1a7d6ae81d0d441338a74dc98ffc5a61"><code>a675458</code></a> Allow the workflow to be triggered manually.</li> <li>Additional commits viewable in <a href="https://github.com/jaraco/zipp/compare/v3.20.0...v3.20.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zipp&package-manager=pip&previous-version=3.20.0&new-version=3.20.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the dependabot group with 4 updates: [packaging](https://github.com/pypa/packaging), [wheel](https://github.com/pypa/wheel), [zipp](https://github.com/jaraco/zipp) and [tqdm](https://github.com/tqdm/tqdm). Updates `packaging` from 24.1 to 24.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/releases">packaging's releases</a>.</em></p> <blockquote> <h2>24.2</h2> <h2>What's Changed</h2> <ul> <li>The source is auto-formatted with ruff, not black by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/798">pypa/packaging#798</a></li> <li>Bump the github-actions group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/813">pypa/packaging#813</a></li> <li>Apply ruff rules (RUF) by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/800">pypa/packaging#800</a></li> <li>Fix typo in Version <code>__str__</code> by <a href="https://github.com/aryanpingle"><code>@aryanpingle</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/817">pypa/packaging#817</a></li> <li>Bump the github-actions group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/819">pypa/packaging#819</a></li> <li>Get rid of duplicate test cases by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/821">pypa/packaging#821</a></li> <li>Fix doc for canonicalize_version and a typo in a docstring by <a href="https://github.com/Laurent-Dx"><code>@Laurent-Dx</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/801">pypa/packaging#801</a></li> <li>docs: public/base_version comparison by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/818">pypa/packaging#818</a></li> <li>Apply ruff/bugbear rules (B) by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/787">pypa/packaging#787</a></li> <li>Apply ruff/pyupgrade rules (UP) by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/786">pypa/packaging#786</a></li> <li>Add a changelog entry for dropping Python 3.7 support by <a href="https://github.com/alexwlchan"><code>@alexwlchan</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/824">pypa/packaging#824</a></li> <li>Patch python_full_version unconditionally by <a href="https://github.com/jaraco"><code>@jaraco</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/825">pypa/packaging#825</a></li> <li>Refactor canonicalize_version by <a href="https://github.com/jaraco"><code>@jaraco</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/793">pypa/packaging#793</a></li> <li>Allow creating a SpecifierSet from a list of specifiers by <a href="https://github.com/pfmoore"><code>@pfmoore</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/777">pypa/packaging#777</a></li> <li>Fix uninformative error message by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/830">pypa/packaging#830</a></li> <li>Fix prerelease detection for <code>></code> and <code><</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/794">pypa/packaging#794</a></li> <li>Bump the github-actions group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/839">pypa/packaging#839</a></li> <li>Add support for PEP 730 iOS tags. by <a href="https://github.com/freakboy3742"><code>@freakboy3742</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/832">pypa/packaging#832</a></li> <li>Update the changelog to reflect 24.1 changes by <a href="https://github.com/pradyunsg"><code>@pradyunsg</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/840">pypa/packaging#840</a></li> <li>Mention updating changelog in release process by <a href="https://github.com/pradyunsg"><code>@pradyunsg</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/841">pypa/packaging#841</a></li> <li>Add a comment as to why <code>Metadata.name</code> isn't normalized by <a href="https://github.com/brettcannon"><code>@brettcannon</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/842">pypa/packaging#842</a></li> <li>Use !r formatter for error messages with filenames. by <a href="https://github.com/Carreau"><code>@Carreau</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/844">pypa/packaging#844</a></li> <li>PEP 639: Implement License-Expression and License-File by <a href="https://github.com/ewdurbin"><code>@ewdurbin</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/828">pypa/packaging#828</a></li> <li>Bump the github-actions group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/852">pypa/packaging#852</a></li> <li>Upgrade to latest mypy by <a href="https://github.com/hauntsaninja"><code>@hauntsaninja</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/853">pypa/packaging#853</a></li> <li>Extraneous quotes by <a href="https://github.com/ewdurbin"><code>@ewdurbin</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/848">pypa/packaging#848</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/aryanpingle"><code>@aryanpingle</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/817">pypa/packaging#817</a></li> <li><a href="https://github.com/Laurent-Dx"><code>@Laurent-Dx</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/801">pypa/packaging#801</a></li> <li><a href="https://github.com/alexwlchan"><code>@alexwlchan</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/824">pypa/packaging#824</a></li> <li><a href="https://github.com/jaraco"><code>@jaraco</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/825">pypa/packaging#825</a></li> <li><a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/794">pypa/packaging#794</a></li> <li><a href="https://github.com/freakboy3742"><code>@freakboy3742</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/832">pypa/packaging#832</a></li> <li><a href="https://github.com/Carreau"><code>@Carreau</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/844">pypa/packaging#844</a></li> <li><a href="https://github.com/ewdurbin"><code>@ewdurbin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/828">pypa/packaging#828</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/packaging/compare/24.1...24.2">https://github.com/pypa/packaging/compare/24.1...24.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's changelog</a>.</em></p> <blockquote> <p>24.2 - 2024-11-08</p> <pre><code> * PEP 639: Implement License-Expression and License-File (:issue:`828`) * Use ``!r`` formatter for error messages with filenames (:issue:`844`) * Add support for PEP 730 iOS tags (:issue:`832`) * Fix prerelease detection for ``>`` and ``<`` (:issue:`794`) * Fix uninformative error message (:issue:`830`) * Refactor ``canonicalize_version`` (:issue:`793`) * Patch python_full_version unconditionally (:issue:`825`) * Fix doc for ``canonicalize_version`` to mention ``strip_trailing_zero`` and a typo in a docstring (:issue:`801`) * Fix typo in Version ``__str__`` (:issue:`817`) * Support creating a ``SpecifierSet`` from an iterable of ``Specifier`` objects (:issue:`775`) </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/packaging/commit/d8e3b31b734926ebbcaff654279f6855a73e052f"><code>d8e3b31</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/2de393d910926a0408496ac5583f733c4b9f0f5e"><code>2de393d</code></a> Update changelog for release</li> <li><a href="https://github.com/pypa/packaging/commit/9c66f5c844bf3262f560c1521a0e6837079b16ff"><code>9c66f5c</code></a> Remove extraneous quotes in f-strings by using <code>!r</code> (<a href="https://redirect.github.com/pypa/packaging/issues/848">#848</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/4dc334c86d43f83371b194ca91618ed99e0e49ca"><code>4dc334c</code></a> Upgrade to latest mypy (<a href="https://redirect.github.com/pypa/packaging/issues/853">#853</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/d1a9f938343de11f7322151c1f6de25cbb61718b"><code>d1a9f93</code></a> Bump the github-actions group with 4 updates (<a href="https://redirect.github.com/pypa/packaging/issues/852">#852</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/029f41580098bcf52b69684843bdc7ea37959a7e"><code>029f415</code></a> PEP 639: Implement License-Expression and License-File (<a href="https://redirect.github.com/pypa/packaging/issues/828">#828</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/6c338a8425803476769151953cc5de5548e2befa"><code>6c338a8</code></a> Use !r formatter for error messages with filenames. (<a href="https://redirect.github.com/pypa/packaging/issues/844">#844</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/28e7da78f6f73b4856260e24051b35a4517c0149"><code>28e7da7</code></a> Add a comment as to why <code>Metadata.name</code> isn't normalized (<a href="https://redirect.github.com/pypa/packaging/issues/842">#842</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/ce0d79c5ab6d27e856a059fbc24c0b0a7c9d8581"><code>ce0d79c</code></a> Mention updating changelog in release process (<a href="https://redirect.github.com/pypa/packaging/issues/841">#841</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/ac5bdf3605ddcbfa1f672f7cf93a19fd6d3d77ea"><code>ac5bdf3</code></a> Update the changelog to reflect 24.1 changes (<a href="https://redirect.github.com/pypa/packaging/issues/840">#840</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/packaging/compare/24.1...24.2">compare view</a></li> </ul> </details> <br /> Updates `wheel` from 0.44.0 to 0.45.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/releases">wheel's releases</a>.</em></p> <blockquote> <h2>0.45.0</h2> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import the <code>setuptools</code>' implementation explicitly. (PR by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <p><strong>0.45.0 (2024-11-08)</strong></p> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import the <code>setuptools</code>' implementation explicitly. (PR by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a>)</p> </li> </ul> <p><strong>0.44.0 (2024-08-04)</strong></p> <ul> <li>Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)</li> <li>Deprecated the <code>bdist_wheel</code> module, as the code was migrated to <code>setuptools</code> itself</li> </ul> <p><strong>0.43.0 (2024-03-11)</strong></p> <ul> <li>Dropped support for Python 3.7</li> <li>Updated vendored <code>packaging</code> to 24.0</li> </ul> <p><strong>0.42.0 (2023-11-26)</strong></p> <ul> <li>Allowed removing build tag with <code>wheel tags --build ""</code></li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing updated <code>WHEEL</code> fields after a blank line, causing other tools to ignore them</li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing <code>WHEEL</code> with CRLF line endings or a mix of CRLF and LF</li> <li>Fixed <code>wheel pack --build-number ""</code> not removing build tag from <code>WHEEL</code> (above changes by Benjamin Gilbert)</li> </ul> <p><strong>0.41.3 (2023-10-30)</strong></p> <ul> <li>Updated vendored <code>packaging</code> to 23.2</li> <li>Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)</li> </ul> <p><strong>0.41.2 (2023-08-22)</strong></p> <ul> <li>Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)</li> <li>Fixed <code>wheel tags</code> to not list directories in <code>RECORD</code> files (PR by Mike Taves)</li> <li>Fixed ABI tag generation for GraalPy (PR by Michael Simacek)</li> </ul> <p><strong>0.41.1 (2023-08-05)</strong></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/wheel/commit/d78f0e372199f8294556345d867af4d3cf118418"><code>d78f0e3</code></a> Created a new release</li> <li><a href="https://github.com/pypa/wheel/commit/f064c699209e36ec2948537b7cadabf84a110c30"><code>f064c69</code></a> Added license files for vendored <code>packaging</code></li> <li><a href="https://github.com/pypa/wheel/commit/68387afcd33cb514a4da811d2fc5de73c8797e48"><code>68387af</code></a> Only configure setuptools logging if bdist_wheel is imported (<a href="https://redirect.github.com/pypa/wheel/issues/641">#641</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/c81f5c954a8ca7698e6df9de39cf0013295949fa"><code>c81f5c9</code></a> Refactored the <code>wheel convert</code> command to not require setuptools (<a href="https://redirect.github.com/pypa/wheel/issues/640">#640</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/e43464d32feaddddb235ffe21b4bf13c1193465d"><code>e43464d</code></a> Adjusted target Python versions in GitHub CI</li> <li><a href="https://github.com/pypa/wheel/commit/e9894e71bc62e5808710bc8c2c268de51aef52d4"><code>e9894e7</code></a> Tweaked pytest settings to make the tracebacks easier to read</li> <li><a href="https://github.com/pypa/wheel/commit/baf6bf89562cb42a0ca71cc1e804600b161952eb"><code>baf6bf8</code></a> Removed Cirrus CI configuration</li> <li><a href="https://github.com/pypa/wheel/commit/28c1ba1e2a6d08edc03c73e29293a571888981f9"><code>28c1ba1</code></a> Improved compatibility with future versions of <code>setuptools</code> (<a href="https://redirect.github.com/pypa/wheel/issues/638">#638</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/9254a4f9f8d9475c9f4d00a854694ddf1834ba5b"><code>9254a4f</code></a> Exclude <code>@overload</code> and <code>if TYPE_CHECKING:</code> from coverage checks</li> <li><a href="https://github.com/pypa/wheel/commit/d841597258d04f10346fbcc0ce95f9278b38ef08"><code>d841597</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/wheel/issues/635">#635</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/wheel/compare/0.44.0...0.45.0">compare view</a></li> </ul> </details> <br /> Updates `zipp` from 3.20.0 to 3.21.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jaraco/zipp/blob/main/NEWS.rst">zipp's changelog</a>.</em></p> <blockquote> <h1>v3.21.0</h1> <h2>Features</h2> <ul> <li>Improve performances of :meth:<code>zipfile.Path.open</code> for non-reading modes. (1a1928d)</li> <li>Rely on cached_property to cache values on the instance.</li> <li>Rely on save_method_args to save method args.</li> </ul> <h1>v3.20.2</h1> <h2>Bugfixes</h2> <ul> <li>Make zipp.compat.overlay.zipfile hashable. (<a href="https://redirect.github.com/jaraco/zipp/issues/126">#126</a>)</li> </ul> <h1>v3.20.1</h1> <h2>Bugfixes</h2> <ul> <li><code>python/cpython#123270</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jaraco/zipp/commit/45b7f675c0bcaa4f3f9d15b4399fc71e74f2408c"><code>45b7f67</code></a> Finalize</li> <li><a href="https://github.com/jaraco/zipp/commit/71ddd8d4f4ab200af870f0060d9ee8c6b7056681"><code>71ddd8d</code></a> Skip <code>zipfile.Path.exists</code><code>python/cpython#126576</code></li> <li><a href="https://github.com/jaraco/zipp/commit/9a2705ee2a376a948f1e89320c8c7356829a42eb"><code>9a2705e</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/5c34e69568f23a524af4fa9dad3f5e80f22ec3e6"><code>5c34e69</code></a> Use extend for proper workaround.</li> <li><a href="https://github.com/jaraco/zipp/commit/ee027f698c9cc629fb0018bc55cbb73267db2817"><code>ee027f6</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/750a1891ec4a1c0602050e3463e9593a8c13aa14"><code>750a189</code></a> Require Python 3.9 or later now that Python 3.8 is EOL.</li> <li><a href="https://github.com/jaraco/zipp/commit/e61a9df7cdc9c8d1b56c30b7b3f94a7cdac14414"><code>e61a9df</code></a> Include pyproject.toml in ruff.toml.</li> <li><a href="https://github.com/jaraco/zipp/commit/db4dfc495552aca8d6f05ed58441fa65fdc2ed9c"><code>db4dfc4</code></a><code>jaraco/skeleton#151</code></li> <li><a href="https://github.com/jaraco/zipp/commit/62b6678a32087ed3bfc8ff19761764340295834e"><code>62b6678</code></a> Bump pre-commit hook for ruff to avoid clashes with pytest-ruff (jaraco/skele...</li> <li><a href="https://github.com/jaraco/zipp/commit/466f53538bd84cefcca39c5a42775fef6a1bf346"><code>466f535</code></a> Merge pull request <a href="https://redirect.github.com/jaraco/zipp/issues/109">#109</a> from jaraco/feature/functools</li> <li>Additional commits viewable in <a href="https://github.com/jaraco/zipp/compare/v3.20.0...v3.21.0">compare view</a></li> </ul> </details> <br /> Updates `tqdm` from 4.66.5 to 4.67.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tqdm/tqdm/releases">tqdm's releases</a>.</em></p> <blockquote> <h2>tqdm v4.67.0 stable</h2> <ul> <li><code>contrib.discord</code>: replace <code>disco-py</code> with <code>requests</code> (<a href="https://redirect.github.com/tqdm/tqdm/issues/1536">#1536</a>)</li> </ul> <h2>tqdm v4.66.6 stable</h2> <ul> <li>cli: zip-safe <code>--manpath</code>, <code>--comppath</code> (<a href="https://redirect.github.com/tqdm/tqdm/issues/1627">#1627</a>)</li> <li>misc framework updates (<a href="https://redirect.github.com/tqdm/tqdm/issues/1627">#1627</a>) <ul> <li>fix <code>pytest</code> <code>DeprecationWarning</code></li> <li>fix <code>snapcraft</code> build</li> <li>fix <code>nbval</code> <code>DeprecationWarning</code></li> <li>update & tidy workflows</li> <li>bump pre-commit</li> <li>docs: update URLs</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tqdm/tqdm/commit/35a6ee9a4527bab5c0c7234531269e0c7fd0f2fd"><code>35a6ee9</code></a> bump version, merge pull request <a href="https://redirect.github.com/tqdm/tqdm/issues/1536">#1536</a> from guigoruiz1</li> <li><a href="https://github.com/tqdm/tqdm/commit/8aa9470e485a90679936d3781a4f953cf5afa8f4"><code>8aa9470</code></a> add discord requests dep</li> <li><a href="https://github.com/tqdm/tqdm/commit/1db24b4ff442c43752cf56a55b1782998c76801c"><code>1db24b4</code></a> better user-agent</li> <li><a href="https://github.com/tqdm/tqdm/commit/61365d8321ae4ca433d2c6cda770a73a8e0e62cb"><code>61365d8</code></a> handle rate limit</li> <li><a href="https://github.com/tqdm/tqdm/commit/670840021ddea4908a2e68144ce6c009d7e16e96"><code>6708400</code></a> use requests.Session</li> <li><a href="https://github.com/tqdm/tqdm/commit/f1129e70c9983c527413e50e63016d4d885c51d3"><code>f1129e7</code></a> restore original docs, misc linting</li> <li><a href="https://github.com/tqdm/tqdm/commit/03b90e444ed18b88aed710371309c271c25ac391"><code>03b90e4</code></a> Using correct user agent</li> <li><a href="https://github.com/tqdm/tqdm/commit/b78efea5903a5f511a3bb22f8de32340ca4b954b"><code>b78efea</code></a> Using REST API directly</li> <li><a href="https://github.com/tqdm/tqdm/commit/5b84012637e1fa6b5fec1b5ce0ac4d7c08eef5fe"><code>5b84012</code></a> bump version, merge pull request <a href="https://redirect.github.com/tqdm/tqdm/issues/1627">#1627</a> from tqdm/devel</li> <li><a href="https://github.com/tqdm/tqdm/commit/0a439b5289b28e0a511b16fd10005d44b06cfbde"><code>0a439b5</code></a> tests: fix nbval DeprecationWarning</li> <li>Additional commits viewable in <a href="https://github.com/tqdm/tqdm/compare/v4.66.5...v4.67.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…11741) Bumps [zipp](https://github.com/jaraco/zipp) from 3.20.0 to 3.21.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jaraco/zipp/blob/main/NEWS.rst">zipp's changelog</a>.</em></p> <blockquote> <h1>v3.21.0</h1> <h2>Features</h2> <ul> <li>Improve performances of :meth:<code>zipfile.Path.open</code> for non-reading modes. (1a1928d)</li> <li>Rely on cached_property to cache values on the instance.</li> <li>Rely on save_method_args to save method args.</li> </ul> <h1>v3.20.2</h1> <h2>Bugfixes</h2> <ul> <li>Make zipp.compat.overlay.zipfile hashable. (<a href="https://redirect.github.com/jaraco/zipp/issues/126">#126</a>)</li> </ul> <h1>v3.20.1</h1> <h2>Bugfixes</h2> <ul> <li><code>python/cpython#123270</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jaraco/zipp/commit/45b7f675c0bcaa4f3f9d15b4399fc71e74f2408c"><code>45b7f67</code></a> Finalize</li> <li><a href="https://github.com/jaraco/zipp/commit/71ddd8d4f4ab200af870f0060d9ee8c6b7056681"><code>71ddd8d</code></a> Skip <code>zipfile.Path.exists</code><code>python/cpython#126576</code></li> <li><a href="https://github.com/jaraco/zipp/commit/9a2705ee2a376a948f1e89320c8c7356829a42eb"><code>9a2705e</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/5c34e69568f23a524af4fa9dad3f5e80f22ec3e6"><code>5c34e69</code></a> Use extend for proper workaround.</li> <li><a href="https://github.com/jaraco/zipp/commit/ee027f698c9cc629fb0018bc55cbb73267db2817"><code>ee027f6</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/750a1891ec4a1c0602050e3463e9593a8c13aa14"><code>750a189</code></a> Require Python 3.9 or later now that Python 3.8 is EOL.</li> <li><a href="https://github.com/jaraco/zipp/commit/e61a9df7cdc9c8d1b56c30b7b3f94a7cdac14414"><code>e61a9df</code></a> Include pyproject.toml in ruff.toml.</li> <li><a href="https://github.com/jaraco/zipp/commit/db4dfc495552aca8d6f05ed58441fa65fdc2ed9c"><code>db4dfc4</code></a><code>jaraco/skeleton#151</code></li> <li><a href="https://github.com/jaraco/zipp/commit/62b6678a32087ed3bfc8ff19761764340295834e"><code>62b6678</code></a> Bump pre-commit hook for ruff to avoid clashes with pytest-ruff (jaraco/skele...</li> <li><a href="https://github.com/jaraco/zipp/commit/466f53538bd84cefcca39c5a42775fef6a1bf346"><code>466f535</code></a> Merge pull request <a href="https://redirect.github.com/jaraco/zipp/issues/109">#109</a> from jaraco/feature/functools</li> <li>Additional commits viewable in <a href="https://github.com/jaraco/zipp/compare/v3.20.0...v3.21.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zipp&package-manager=pip&previous-version=3.20.0&new-version=3.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @jaredlockhart. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bug report
Bug description:
#122906 introduced a regression with directories that look like Windows drive letters (on Linux):
This is the result of
_sanitize()
unconditionally treating a directory that looks like a drive letter as such and removing the colon, regardless of operating system:cpython/Lib/zipfile/_path/__init__.py
Line 141 in 58fdb16
Whereas
_extract_member()
usesos.path.splitdrive()
(which is a no-op on Linux):cpython/Lib/zipfile/__init__.py
Line 1807 in 58fdb16
CPython versions tested on:
3.12
Operating systems tested on:
Linux
Linked PRs
The text was updated successfully, but these errors were encountered: