If you are wondering where the data of this site comes from, please visit https://api.github.com/users/Shubhrakanti/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

AustenZhu/Deep-Reinforcement-Learning-in-Zipline 11

Creating DRL infrastructure for Dynamic Beta with Zipline and Keras

blchu/mlab-intuit-fa18 1

Text Summarization Project

mathpun/OmniJR 0

Omniglot jr

Shubhrakanti/BookListingApp 0

Uses loaders to return search query for books of certain topics on Google Books

Shubhrakanti/BusinessCardApp 0

Project 1 For Udacity Android Basics

Shubhrakanti/donDugoutApp 0

Don Dugout App for ICDC 2016

delete branch AustenZhu/Deep-Reinforcement-Learning-in-Zipline

delete branch : dependabot/pip/zipdl/data/notebooks/Quantopian-Algo-Runner-Slack-Bot/urllib3-1.24.2

delete time in 18 days

PR closed AustenZhu/Deep-Reinforcement-Learning-in-Zipline

Bump urllib3 from 1.22 to 1.24.2 in /zipdl/data/notebooks/Quantopian Algo Runner Slack Bot dependencies

Bumps urllib3 from 1.22 to 1.24.2. <details> <summary>Changelog</summary>

Sourced from urllib3's changelog.

1.24.2 (2019-04-17)

  • Don't load system certificates by default when any other ca_certs, ca_certs_dir or ssl_context parameters are specified.

  • Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)

  • Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)

1.24.1 (2018-11-02)

  • Remove quadratic behavior within GzipDecoder.decompress() (Issue #1467)

  • Restored functionality of ciphers parameter for create_urllib3_context(). (Issue #1462)

1.24 (2018-10-16)

  • Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)

  • Test against Python 3.7 on AppVeyor. (Pull #1453)

  • Early-out ipv6 checks when running on App Engine. (Pull #1450)

  • Change ambiguous description of backoff_factor (Pull #1436)

  • Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)

  • Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).

  • Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397)

  • Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)

  • Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)

  • Move urllib3 to src/urllib3 (Pull #1409)

1.23 (2018-06-04)

  • Allow providing a list of headers to strip from requests when redirecting to a different host. Defaults to the Authorization header. Different ... (truncated)

</details> <details> <summary>Commits</summary>
  • 1efadf4 Release 1.24.2 (#1564)
  • a6ec68a Merging new release version: 1.24.1
  • 0cedb3b Restore context.set_ciphers() to create_urllib3_context() (#1463)
  • 0aeba3b Use bytearray to accumulate bytes from gzip (#1468)
  • f8d1c78 Uninstall oclint to ensure gcc can be brew upgraded (#1464)
  • cd7cfa6 Resolve pytest pluggy version conflict (#1457)
  • b548abc Update changelog for 1.24 release
  • ef0c745 Merging new release version: 1.24
  • a0964d9 Add missing key_server_hostname variable (#1449)
  • 34d8298 Test against Python 3.7 on AppVeyor (#1453)
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 18 days

PR opened AustenZhu/Deep-Reinforcement-Learning-in-Zipline

Bump urllib3 from 1.22 to 1.26.5 in /zipdl/data/notebooks/Quantopian Algo Runner Slack Bot

Bumps urllib3 from 1.22 to 1.26.5.

<details> <summary>Release notes</summary>

Sourced from urllib3's releases (https://github.com/urllib3/urllib3/releases).

1.26.5

⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap (https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

  • Fixed deprecation warnings emitted in Python 3.10.
  • Updated vendored six library to 1.16.0.
  • Improved performance of URL parser when splitting the authority component.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors (https://github.com/sponsors/urllib3)

1.26.4

⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap (https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

  • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors (https://github.com/sponsors/urllib3)

1.26.3

⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap (https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

  • Fixed bytes and string comparison issue with headers (Pull #2141)
  • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors (https://github.com/sponsors/urllib3)

1.26.2

⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap (https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

  • Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1

⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap (https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

  • Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0

⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap (https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

  • Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
  • Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002) Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail
  • Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS, Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...) (Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed

... (truncated)

</details> <details> <summary>Changelog</summary>

Sourced from urllib3's changelog (https://github.com/urllib3/urllib3/blob/main/CHANGES.rst).

1.26.5 (2021-05-26)

  • Fixed deprecation warnings emitted in Python 3.10.
  • Updated vendored six library to 1.16.0.
  • Improved performance of URL parser when splitting the authority component.

1.26.4 (2021-03-15)

  • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

1.26.3 (2021-01-26)

  • Fixed bytes and string comparison issue with headers (Pull #2141)
  • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

1.26.2 (2020-11-12)

  • Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1 (2020-11-11)

  • Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0 (2020-11-10)

  • NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap (https://urllib3.readthedocs.io/en/latest/v2-roadmap.html).
  • Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
  • Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning

... (truncated)

</details> <details> <summary>Commits</summary>

  • d161647 Release 1.26.5
  • 2d4a3fe Improve performance of sub-authority splitting in URL
  • 2698537 Update vendored six to 1.16.0
  • 07bed79 Fix deprecation warnings for Python 3.10 ssl module
  • d725a9b Add Python 3.10 to GitHub Actions
  • 339ad34 Use pytest==6.2.4 on Python 3.10+
  • f271c9c Apply latest Black formatting
  • 1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
  • a891304 Release 1.26.4
  • 8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
  • Additional commits viewable in compare view (https://github.com/urllib3/urllib3/compare/1.22...1.26.5)

</details>

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 18 days

push event rpkinscherff/rpkinscherff.github.io

rpkinscherff

commit sha 56fa34aa6814d1ae17c75a6abd5500c839cb9267

Set theme jekyll-theme-cayman

push time in a month

MemberEvent

PR opened CannyLab/cannylab.github.io

Bump nokogiri from 1.10.9 to 1.11.5

Bumps nokogiri from 1.10.9 to 1.11.5.

<details> <summary>Release notes</summary>

Sourced from nokogiri's releases (https://github.com/sparklemotion/nokogiri/releases).

1.11.5 / 2021-05-19

Fixed

[Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs.

libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see libxml/!66). Early testing caught this segfault on non-Windows platforms (see #2059 and libxml@956534e) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs.

We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will continue to configure libxml2 to use Ruby's memory management functions. Nokogiri::VERSION_INFO["libxml"]["memory_management"] will allow you to verify when the default memory management functions are being used. [#2241]

Added

Nokogiri::VERSION_INFO["libxml"] now contains the key "memory_management" to declare whether libxml2 is using its default memory management functions, or whether it uses the memory management functions from ruby. See above for more details.

1.11.4 / 2021-05-14

Security

[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:

  • CVE-2019-20388
  • CVE-2020-24977
  • CVE-2021-3517
  • CVE-2021-3518
  • CVE-2021-3537
  • CVE-2021-3541

Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via xmllint is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).

Please see nokogiri/GHSA-7rrm-v45f-jp64 (https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64) or #2233 for a more complete analysis of these CVEs and patches.

Dependencies

  • [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)

1.11.3 / 2021-04-07

Fixed

  • [CRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this likely segfaulted. [#1900]
  • [JRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this raised a TypeError exception.
  • [CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)

1.11.2 / 2021-03-11

... (truncated)

</details> <details> <summary>Changelog</summary>

Sourced from nokogiri's changelog (https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md).

1.11.5 / 2021-05-19

Fixed

[Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs.

libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see libxml/!66). Early testing caught this segfault on non-Windows platforms (see #2059 and libxml@956534e) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs.

We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will continue to configure libxml2 to use Ruby's memory management functions. Nokogiri::VERSION_INFO["libxml"]["memory_management"] will allow you to verify when the default memory management functions are being used. [#2241]

Added

Nokogiri::VERSION_INFO["libxml"] now contains the key "memory_management" to declare whether libxml2 is using its default memory management functions, or whether it uses the memory management functions from ruby. See above for more details.

1.11.4 / 2021-05-14

Security

[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:

  • CVE-2019-20388
  • CVE-2020-24977
  • CVE-2021-3517
  • CVE-2021-3518
  • CVE-2021-3537
  • CVE-2021-3541

Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via xmllint is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).

Please see nokogiri/GHSA-7rrm-v45f-jp64 (https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64) or #2233 for a more complete analysis of these CVEs and patches.

Dependencies

  • [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)

1.11.3 / 2021-04-07

Fixed

  • [CRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this likely segfaulted. [#1900]
  • [JRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this raised a TypeError exception.
  • [CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)

1.11.2 / 2021-03-11

... (truncated)

</details> <details> <summary>Commits</summary>

  • e43f521 version bump to v1.11.5
  • 42354e4 Merge pull request #2243 from sparklemotion/flavorjones-v1_11_x-update-tests-...
  • 05f30eb update CHANGELOG
  • e6709aa windows: work around libxml2 xmlCleanupParser
  • 8f54c0f test: adjust tests to pass on system libxml2 >= 2.9.11
  • 3d8a570 ci: windows config for github actions
  • 4b9bfe3 update CHANGELOG with the GHSA
  • 9d69b44 version bump to v1.11.4
  • 058e87f update CHANGELOG with complete CVE information
  • 9285251 Merge pull request #2234 from sparklemotion/2233-upgrade-to-libxml-2-9-12
  • Additional commits viewable in compare view (https://github.com/sparklemotion/nokogiri/compare/v1.10.9...v1.11.5)

</details>


+5 -3

0 comment

1 changed file

pr created time in a month

create branch CannyLab/cannylab.github.io

branch : dependabot/bundler/nokogiri-1.11.5

created branch time in a month

PR opened CannyLab/cannylab.github.io

Bump rexml from 3.2.4 to 3.2.5

Bumps rexml from 3.2.4 to 3.2.5.

<details> <summary>Changelog</summary>

Sourced from rexml's changelog (https://github.com/ruby/rexml/blob/master/NEWS.md).

3.2.5 - 2021-04-05

Improvements

  • Add more validations to XPath parser.
  • require "rexml/document" by default. [GitHub#36][Patch by Koichi ITO]
  • Don't add #dcloe method to core classes globally. [GitHub#37][Patch by Akira Matsuda]
  • Add more documentations. [Patch by Burdette Lamar]
  • Added REXML::Elements#parent. [GitHub#52][Patch by Burdette Lamar]

Fixes

  • Fixed a bug that REXML::DocType#clone doesn't copy external ID information.
  • Fixed round-trip vulnerability bugs. See also: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ [HackerOne#1104077][CVE-2021-28965][Reported by Juho Nurminen]

Thanks

  • Koichi ITO
  • Akira Matsuda
  • Burdette Lamar
  • Juho Nurminen

</details> <details> <summary>Commits</summary>

  • a622645 Add 3.2.5 entry
  • 3c137eb Fix a parser bug that some data may be ignored before DOCTYPE
  • 9b311e5 Fix a bug that invalid document declaration may be accepted
  • f9d88e4 Fix a bug that invalid document declaration may be generated
  • f7bab89 Fix a bug that invalid element end may be accepted
  • 6a250d2 Fix a bug that invalid element start may be accepted
  • 2fe62e2 Fix a bug that invalid notation declaration may be accepted
  • a659c63 Fix a bug that invalid notation declaration may be generated
  • 790dd11 Use ruby/setup-ruby (#66)
  • eda1b20 Clean up and enhance high-level RDoc (#65)
  • Additional commits viewable in compare view (https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5)

</details>

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 2 months

create branch CannyLab/cannylab.github.io

branch : dependabot/bundler/rexml-3.2.5

created branch time in 2 months

started benelot/pybullet-gym

started time in 2 months

push event CannyLab/cannylab.github.io

DavidMChan

commit sha f1572e61de2572d02b5ccd26c43105ee940e4020

Updated papers

push time in 3 months

PR opened CannyLab/cannylab.github.io

Bump kramdown from 2.3.0 to 2.3.1

Bumps kramdown from 2.3.0 to 2.3.1. <details> <summary>Commits</summary>

  • See full diff in compare view (https://github.com/gettalong/kramdown/commits)

</details> <br />

+1 -1

0 comment

1 changed file

pr created time in 3 months

create branch CannyLab/cannylab.github.io

branch : dependabot/bundler/kramdown-2.3.1

created branch time in 3 months

PR opened AustenZhu/Deep-Reinforcement-Learning-in-Zipline

Bump pygments from 2.2.0 to 2.7.4 in /zipdl/data/notebooks/Quantopian Algo Runner Slack Bot

Bumps pygments from 2.2.0 to 2.7.4. <details> <summary>Release notes</summary>

Sourced from pygments's releases (https://github.com/pygments/pygments/releases).

2.7.4

  • Updated lexers:
      • Apache configurations: Improve handling of malformed tags (#1656)
      • CSS: Add support for variables (#1633, #1666)
      • Crystal (#1650, #1670)
      • Coq (#1648)
      • Fortran: Add missing keywords (#1635, #1665)
      • Ini (#1624)
      • JavaScript and variants (#1647 -- missing regex flags, #1651)
      • Markdown (#1623, #1617)
      • Shell
          • Lex trailing whitespace as part of the prompt (#1645)
          • Add missing `in` keyword (#1652)
      • SQL - Fix keywords (#1668)
      • Typescript: Fix incorrect punctuation handling (#1510, #1511)
  • Fix infinite loop in SML lexer (#1625)
  • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)
  • Limit recursion with nesting Ruby heredocs (#1638)
  • Fix a few inefficient regexes for guessing lexers
  • Fix the raw token lexer handling of Unicode (#1616)
  • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!
  • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)
  • Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

2.7.3

  • Updated lexers:
      • Ada (#1581)
      • HTML (#1615, #1614)
      • Java (#1594, #1586)
      • JavaScript (#1605, #1589, #1588)
      • JSON (#1569 -- this is a complete rewrite)
      • Lean (#1601)
      • LLVM (#1612)
      • Mason (#1592)
      • MySQL (#1555, #1551)
      • Rust (#1608)
      • Turtle (#1590, #1553)
  • Deprecated JsonBareObjectLexer, which is now identical to JsonLexer (#1600)
  • The `ImgFormatter` now calculates the exact character width, which fixes some issues with overlapping text (#1213, #1611)

... (truncated)

</details> <details> <summary>Changelog</summary>

Sourced from pygments's changelog (https://github.com/pygments/pygments/blob/master/CHANGES).

Version 2.7.4

(released January 12, 2021)

  • Updated lexers:
      • Apache configurations: Improve handling of malformed tags (#1656)
      • CSS: Add support for variables (#1633, #1666)
      • Crystal (#1650, #1670)
      • Coq (#1648)
      • Fortran: Add missing keywords (#1635, #1665)
      • Ini (#1624)
      • JavaScript and variants (#1647 -- missing regex flags, #1651)
      • Markdown (#1623, #1617)
      • Shell
          • Lex trailing whitespace as part of the prompt (#1645)
          • Add missing `in` keyword (#1652)
      • SQL - Fix keywords (#1668)
      • Typescript: Fix incorrect punctuation handling (#1510, #1511)
  • Fix infinite loop in SML lexer (#1625)
  • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)
  • Limit recursion with nesting Ruby heredocs (#1638)
  • Fix a few inefficient regexes for guessing lexers
  • Fix the raw token lexer handling of Unicode (#1616)
  • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!
  • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)
  • Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

Version 2.7.3

(released December 6, 2020)

  • Updated lexers:
      • Ada (#1581)
      • HTML (#1615, #1614)
      • Java (#1594, #1586)
      • JavaScript (#1605, #1589, #1588)
      • JSON (#1569 -- this is a complete rewrite)
      • Lean (#1601)
      • LLVM (#1612)
      • Mason (#1592)

... (truncated)

</details> <details> <summary>Commits</summary>

  • 4d555d0 Bump version to 2.7.4.
  • fc3b05d Update CHANGES.
  • ad21935 Revert "Added dracula theme style (#1636)"
  • e411506 Prepare for 2.7.4 release.
  • 275e34d doc: remove Perl 6 ref
  • 2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
  • eb39c43 xquery: fix pop from empty stack
  • 2738778 fix coding style in test_analyzer_lexer
  • 02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
  • c83fe48 support added for css variables (#1633)
  • Additional commits viewable in compare view (https://github.com/pygments/pygments/compare/2.2.0...2.7.4)

</details> <br />

+1 -1

0 comment

1 changed file

pr created time in 3 months

delete branch AustenZhu/Deep-Reinforcement-Learning-in-Zipline

delete branch : dependabot/pip/zipdl/data/notebooks/Quantopian-Algo-Runner-Slack-Bot/pyyaml-5.1

delete time in 3 months

PR closed AustenZhu/Deep-Reinforcement-Learning-in-Zipline

Bump pyyaml from 3.11 to 5.1 in /zipdl/data/notebooks/Quantopian Algo Runner Slack Bot dependencies

Bumps pyyaml from 3.11 to 5.1. <details> <summary>Changelog</summary>

Sourced from pyyaml's changelog.

5.1 (2019-03-13)

3.13 (2018-07-05)

  • Resolved issues around PyYAML working in Python 3.7.

3.12 (2016-08-28)

  • Wheel packages for Windows binaries.
  • Adding an implicit resolver to a derived loader should not affect the base loader.
  • Uniform representation for OrderedDict? across different versions of Python.
  • Fixed comparison to None warning.
</details> <details> <summary>Commits</summary>
  • e471e86 Updates for 5.1 release
  • 9141e90 Windows Appveyor build
  • d6cbff6 Skip certain unicode tests when maxunicode not > 0xffff
  • 69103ba Update .travis.yml to use libyaml 0.2.2
  • 91c9435 Squash/merge pull request #105 from nnadeau/patch-1
  • 507a464 Make default_flow_style=False
  • 07c88c6 Allow to turn off sorting keys in Dumper
  • 611ba39 Include license file in the generated wheel package
  • 857dff1 Apply FullLoader/UnsafeLoader changes to lib3
  • 0cedb2a Deprecate/warn usage of yaml.load(input)
  • Additional commits viewable in compare view
</details> <br />

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

PR opened AustenZhu/Deep-Reinforcement-Learning-in-Zipline

Bump pyyaml from 3.11 to 5.4 in /zipdl/data/notebooks/Quantopian Algo Runner Slack Bot

Bumps pyyaml from 3.11 to 5.4. <details> <summary>Changelog</summary>

Sourced from pyyaml's changelog (https://github.com/yaml/pyyaml/blob/master/CHANGES).

5.4 (2021-01-19)

  • yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
  • yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
  • yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
  • yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
  • yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

  • yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

  • yaml/pyyaml#290 -- Use `is` instead of equality for comparing with `None`
  • yaml/pyyaml#270 -- Fix typos and stylistic nit
  • yaml/pyyaml#309 -- Fix up small typo
  • yaml/pyyaml#161 -- Fix handling of __slots__
  • yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
  • yaml/pyyaml#285 -- Add use of safe_load() function in README
  • yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF
  • yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff
  • yaml/pyyaml#359 -- Use full_load in yaml-highlight example
  • yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython
  • yaml/pyyaml#329 -- Fix for Python 3.10
  • yaml/pyyaml#310 -- Increase size of index, line, and column fields
  • yaml/pyyaml#260 -- Remove some unused imports
  • yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such
  • yaml/pyyaml#363 -- Add tests for timezone

5.2 (2019-12-02)

  • Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default
      yaml/pyyaml#279 -- A more flexible fix for custom tag constructors
      yaml/pyyaml#287 -- Change default loader for yaml.add_constructor
      yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver
  • Make FullLoader safer by removing python/object/apply from the default FullLoader
      yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor
  • Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
      yaml/pyyaml#276 -- Fix logic for quoting special characters
  • Other PRs: yaml/pyyaml#280 -- Update CHANGES for 5.1

5.1.2 (2019-07-30)

  • Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

... (truncated)

</details> <details> <summary>Commits</summary>

  • 58d0cb7 5.4 release
  • a60f7a1 Fix compatibility with Jython
  • ee98abd Run CI on PR base branch changes
  • ddf2033 constructor.timezone: __copy__ & __deepcopy__
  • fc914d5 Avoid repeatedly appending to yaml_implicit_resolvers
  • a001f27 Fix for CVE-2020-14343
  • fe15062 Add 3.9 to appveyor file for completeness sake
  • 1e1c7fb Add a newline character to end of pyproject.toml
  • 0b6b7d6 Start sentences and phrases for capital letters
  • c976915 Shell code improvements
  • Additional commits viewable in compare view (https://github.com/yaml/pyyaml/compare/3.11...5.4)

</details> <br />

+1 -1

0 comment

1 changed file

pr created time in 3 months