That's fair enough. :)

I will leave this around and see if there's any more interest before we pull the trigger on this. Adding options can be a slippery slope.

In the meantime, you could make a userscript to change the font, or maybe even something like Instapaper/Pocket.

@jefftriplett thank you!

@morenoh149 fair point -- I've documented how static assets work in the readme.

Making it a GitHub template is a bit complicated I think, because it's currently designed to be used as a Django template (where {{ project_name }} is replaced, etc). That would be all broken if people created new repositories from a GitHub template.

Hmm -- interesting. If this works in normal TeX, sounds like LaTeXML loads multiple packages on a single line in a different order, or something like that. This is an upstream issue in LaTeXML, so might be worth filing an issue there to see what they think: https://github.com/brucemiller/LaTeXML

Ah -- sounds like the problem is the images are too small. :)

This is a known issue, and this is the closest ticket: https://github.com/arxiv-vanity/engrafo/issues/530

Pushed your suggested changes in both places.

Sounds good! I could nitpick further but this is much better than what is already there. 😂

@sergiev What device and screen size are you on, out of interest? Would you rather it be smaller or larger?

Maybe the default can be changed as a stop gap!

Actually, the documentation says this is still the case, unless the documentation is wrong:

Compose is a tool for defining and running multi-container Docker applications.

A tool, not a specification!

Maybe to side step this problem it could just be "Show version of this command and its dependencies", haha.

Or, just "Show version".

In my day "Docker Compose" was the software, "Compose" was a short hand, and docker-compose was only ever used in documentation to refer to the command you were calling. Maybe that's changed? Either way, surely it shouldn't be "Docker-Compose" (capitalized with a dash)? :)

Just a little thing. I was looking at docker-compose --help and saw "Docker-Compose" and cringed a little. :)

We quite often get requests about this.

My comment above is now out of date. We now use LaTeXML, not Pandoc. But LaTeXML also supports ePub output!

There are a few parts to this work I think:

1. Playing around with ePub output from LaTeXML and seeing what it's like. It might need transformation, like Engrafo does to HTML, in which case perhaps Engrafo shoudl have an ePub output, or perhaps something else entirely is needed.
2. Render in arXiv vanity somehow. My feeling is that ePubs should be generated on-demand separately from the HTML, because much fewer people will be reading them. There needs to be some logic that'll generate ePub renders for papers and cache them, like is done with HTML.
3. User interface. This is downloading something rather than just displaying it, and it needs to sit there and render for a bit, so some consideration to how the UI is going to work is needed.

Made an implementation of JSNES here: https://github.com/HTV04/htv04.github.io/blob/master/webnes-ce/js/webnes.js

But for whatever reason, the audio is high-pitched. I don't know how to fix this, and I don't know if this is a problem with JSNES or my code.

I'll add something to this effect to the home page...

Thanks for the fix @NESblast!

Generally, your best bet is to use the Emulator component in jsnes-web. That's the thing actually in use and has pretty complex, battle tested timing logic. Usage is here: https://github.com/bfirsh/jsnes-web/blob/d3c35eec11986412626cbd08668dbac700e08751/src/RunPage.js#L119-L125

Hi, these two little changes appear to make the Embed demo run smoother at 60FPS and the sound run correctly. I wouldn't merge these right away or anything, but i just thought you should know! Great project!

Nice -- thanks! That demo is pretty scrappy, so I'll take your word that this makes it better. :)

I am thinking of this primarily from a user's point of view. I can understand how profiles might make sense from an architectural point of view but from a user's point of view, frankly it is confusing and doesn't map with my intent.

I have a test script, and I want to run the test script. I'm not switching between modes or profiles.

What does a profile mean exactly? Could you explain it to me as if I were a user? What other use-cases are there for profiles?

Background & problem

Users quite often define maintenance scripts, test suites, debugging systems in their Compose files which they don't want to run when they do docker-compose up.

Personally, this is something I've wanted since almost the start. My daily paper cut is writing docker-compose run web ./test.sh instead of docker-compose run test.

I wrote a diplomatic aggregation of potential solutions and data points in #1896. This is an opinionated proposed solution we can use as a strawman.

Proposed solution

I propose we add a top-level tasks configuration option, which takes the same options as the services option. It's a bit like a service, but doesn't start when you run docker-compose up. It only works with docker-compose run. Service and task names must be unique so they don't collide.

As an example, let's add a task to the Django getting started guide app:

services:
  db:
    image: postgres
    environment:
      - POSTGRES_DB=postgres
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
  web:
    build: .
    command: python manage.py runserver 0.0.0.0:8000
    volumes:
      - .:/code
    ports:
      - "8000:8000"
    depends_on:
      - db
tasks:
  test:
    build: .
    entrypoint: python manage.py test
    depends_on:
     - db

You would run the tests by running docker-compose run test.

Because we've specified entrypoint in the task definition, we can also pass arguments to the tests: docker-compose run test myapp/test_views.py

Questions

• What am I not thinking about?
• tasks is a nice bike shed -- go at it
• How does this interact with Compose spec?
• Having to specify entrypoint instead of command is a bit clumsy. Users will automatically write command then wonder why their arguments aren't working as expected. Maybe there is a better solution here?

/cc @aanand @shin- in case there is any historical knowledge I am not aware of. (hi!)

Netcat is to make the test script work.

I can't remember why ctags is in there... I think it might be related to the VSCode environment, to make some kind of autocomplete work?

Tooting my own horn a bit here, but none of these other boilerplates worked for me so I made my own. Hopefully as useful for others as it has been for me!

Release Environments

release-example-voting-app3 vote-ted23e8-release-example-voting-app3.releaseapp.io result-ted23e8-release-example-voting-app3.releaseapp.io

Bumps gunicorn from 19.9.0 to 20.0.4. <details> <summary>Release notes</summary>

Sourced from gunicorn's releases.

20.0.4

• fix binding a socket using the file descriptor
• remove support for the bdist_rpm build

20.0.3

• fixed load of a config file without a Python extension
• fixed socketfromfd.fromfd when defaults are not set

note: we now warn when we load a config file without Python Extension

20.0.2

• fix changelog

20.0.1

• fixed the way the config module is loaded. __file__ is now available
• fixed wsgi.input_terminated. It is always true.
• use the highest protocol version of openssl by default
• only support Python >= 3.5
• added __repr__ method to Config instance
• fixed support of AIX platform and musl libc in socketfromfd.fromfd function
• fixed support of applications loaded from a factory function
• fixed chunked encoding support to prevent any request smuggling <https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn>_
• Capture os.sendfile before patching in gevent and eventlet workers. fix RecursionError.
• removed locking in reloader when adding new files
• load the WSGI application before the loader to pick up all files

note this release add official support for applications loaded from a factory function as documented in Flask and other places.

20.0

• Fixed fdopen RuntimeWarning in Python 3.8
• Added check and exception for str type on value in Response process_headers method.
• Ensure WSGI header value is string before conducting regex search on it.
• Added pypy3 to list of tested environments
• Grouped StopIteration and KeyboardInterrupt exceptions with same body together in Arbiter.run()
• Added setproctitle module to extras_require in setup.py
• Avoid unnecessary chown of temporary files
• Logging: Handle auth type case insensitively
• Removed util.import_module
• Removed fallback for types.SimpleNamespace in tests utils
• Use SourceFileLoader instead instead of execfile_
• Use importlib instead of __import__ and eval`
• Fixed eventlet patching
• Added optional datadog <https://www.datadoghq.com>_ tags for statsd metrics
• Header values now are encoded using latin-1, not ascii.
• Rewritten parse_address util added test
• Removed redundant super() arguments </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• 5d0c778 bump to 20.0.4
• 67cb620 remove socketfromfd module
• c583377 Revert "socketfromfd: remove python 2 compatibility"
• ab25bae Revert "socketfromfd: fix cross platform usage"
• 8c759dd Revert "fix linting on python 3.8"
• d530e67 Revert "refactor module"
• 5bae77c Merge branch '20.x'
• d95ed44 point website to last version
• 0c3af6e Merge branch 'master' into 20.x
• f646bde fix bad cherry-picking
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps django from 3.0.5 to 3.0.7. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/django/django/commit/44da7abda848f05caaed74f6a749038c87dedfda"><code>44da7ab</code></a> [3.0.x] Bumped version for 3.0.7 release.</li> <li><a href="https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693"><code>84b2da5</code></a> [3.0.x] Fixed CVE-2020-13254 -- Enforced cache key validation in memcached ba...</li> <li><a href="https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38"><code>1f2dd37</code></a> [3.0.x] Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdW...</li> <li><a href="https://github.com/django/django/commit/256d29710193f7a2f1e92abe96c94d036f73edc6"><code>256d297</code></a> [3.0.x] Added release date for 2.2.13 and 3.0.7.</li> <li><a href="https://github.com/django/django/commit/8734a02f5d70d3d324edc96aaa763a6e8b4eb371"><code>8734a02</code></a> [3.0.x] Updated link to Celery.</li> <li><a href="https://github.com/django/django/commit/d22f67848ca1b5b34eb09b58c866a80eae3c7da1"><code>d22f678</code></a> [3.0.x] Refs <a href="https://github-redirect.dependabot.com/django/django/issues/31485">#31485</a> -- Backported jQuery upgrade to 3.5.1.</li> <li><a href="https://github.com/django/django/commit/b9db04178939bb737f1343089af021ede0da50d9"><code>b9db041</code></a> [3.0.x] Adjusted URL example in tutorial.</li> <li><a href="https://github.com/django/django/commit/caf7c4630da304474115a7c41cbb1df930593a73"><code>caf7c46</code></a> [3.0.x] Fixed <a href="https://github-redirect.dependabot.com/django/django/issues/31643">#31643</a> -- Changed virtualenv doc references to Python 3 venv.</li> <li><a href="https://github.com/django/django/commit/9297a3e6275ed13bfaecc147644960906ed5063b"><code>9297a3e</code></a> [3.0.x] Fixed typo in docs/ref/templates/language.txt.</li> <li><a href="https://github.com/django/django/commit/2638627db45766a300279197b2d6f299a5ea841f"><code>2638627</code></a> [3.0.x] Fixed <a href="https://github-redirect.dependabot.com/django/django/issues/31570">#31570</a> -- Corrected translation loading for apps providing terr...</li> <li>Additional commits viewable in <a href="https://github.com/django/django/compare/3.0.5...3.0.7">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

Bumps django from 2.2.10 to 2.2.13. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/django/django/commit/8093aaa8ff9dd7386a069c6eb49fcc1c5980c033"><code>8093aaa</code></a> [2.2.x] Bumped version for 2.2.13 release.</li> <li><a href="https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206"><code>07e59ca</code></a> [2.2.x] Fixed CVE-2020-13254 -- Enforced cache key validation in memcached ba...</li> <li><a href="https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815"><code>6d61860</code></a> [2.0.x] Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdW...</li> <li><a href="https://github.com/django/django/commit/7e1084ead07b10e36d391f5366f411c58fbcc4c2"><code>7e1084e</code></a> [2.2.x] Added release date for 2.2.13.</li> <li><a href="https://github.com/django/django/commit/2b69680264aabb94661b4f67a8e70d522070dc2a"><code>2b69680</code></a> [2.2.x] Refs <a href="https://github-redirect.dependabot.com/django/django/issues/31485">#31485</a> -- Backported jQuery upgrade to 3.5.1.</li> <li><a href="https://github.com/django/django/commit/8301bc9cfad588074375edadfe0f19024dc217f8"><code>8301bc9</code></a> [2.2.x] Fixed E128, E741 flake8 warnings.</li> <li><a href="https://github.com/django/django/commit/c7bab8d2b7160a635a6f55e4d89e0a2e66d1679c"><code>c7bab8d</code></a> [2.2.x] Fixed term warning on Sphinx 3.0.1+.</li> <li><a href="https://github.com/django/django/commit/79baf338aef2ac21d3d29ee56e85f69678eef1a1"><code>79baf33</code></a> [2.2.x] Fixed highlightlang deprecation warning on Sphinx 1.8+.</li> <li><a href="https://github.com/django/django/commit/151a83e92c1a457baf028160ed9191405b869df6"><code>151a83e</code></a> [2.2.x] Fixed CodeBlock deprecation warning on Sphinx 2.1+.</li> <li><a href="https://github.com/django/django/commit/b0d810a77bbed01d45f92df93195f7bdc8d4da62"><code>b0d810a</code></a> [2.2.x] Fixed Sphinx warnings on duplicate object descriptions.</li> <li>Additional commits viewable in <a href="https://github.com/django/django/compare/2.2.10...2.2.13">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

@sanscontext ah! hi! :D

Thanks y'all for the speedy response. :)

I just wasted 30 mins reading analytics.go trying to figure out why my code wasn't working, until I realised the notice in the readme that the current version is in another branch.

A few potential solutions

• Change the GitHub default branch to v3.0
• Make the notice in the readme clearer (it is very easy to skip over at the moment!)
• Do something clever to make master backwards compatible (I am not a go packaging expert, so maybe this is not possible...)

Hi @itscodezada17! Thank you!

If you look on that paper, you'll see that the footnote in the title is pushed off to the side of the page. I'm not sure what the best solution here is, but that's obviously broken. Maybe the footnote should be underneath the title, to the right of the authors.

Thanks for the report!

One of the great things about outputting HTML is it can be accessible. Let's do the best we can to make that true.

• [ ] Try out Engrafo with a screen reader #566
• [ ] Work with somebody who has impaired sight. (Maybe this person?)

Bumps pillow from 6.1.0 to 6.2.1. <details> <summary>Release notes</summary>

Sourced from pillow's releases.

6.2.1

https://pillow.readthedocs.io/en/stable/releasenotes/6.2.1.html

6.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/6.2.0.html </details> <details> <summary>Changelog</summary>

Sourced from pillow's changelog.

6.2.1 (2019-10-20)

• This is the last Pillow release to support Python 2.7 #3642
• Add support for Python 3.8 #4141 [hugovk]

6.2.0 (2019-10-01)

• Catch buffer overruns #4104 [radarhere]
• Initialize rows_per_strip when RowsPerStrip tag is missing #4034 [cgohlke, radarhere]
• Raise error if TIFF dimension is a string #4103 [radarhere]
• Added decompression bomb checks #4102 [radarhere]
• Fix ImageGrab.grab DPI scaling on Windows 10 version 1607+ #4000 [nulano, radarhere]
• Corrected negative seeks #4101 [radarhere]
• Added argument to capture all screens on Windows #3950 [nulano, radarhere]
• Updated warning to specify when Image.frombuffer defaults will change #4086 [radarhere]
• Changed WindowsViewer format to PNG #4080 [radarhere]
• Use TIFF orientation #4063 [radarhere]
• Raise the same error if a truncated image is loaded a second time #3965 [radarhere]
• Lazily use ImageFileDirectory_v1 values from Exif #4031 [radarhere]
• Improved HSV conversion #4004 [radarhere]
• Added text stroking #3978 [radarhere, hugovk]
• No more deprecated bdist_wininst .exe installers #4029 [hugovk]
• Do not allow floodfill to extend into negative coordinates #4017 [radarhere]
• Fixed arc drawing bug for a non-whole number of degrees #4014 [radarhere]
• Fix bug when merging identical images to GIF with a list of durations #4003 [djy0, radarhere]
• Fix bug in TIFF loading of BufferedReader #3998 [chadawagner]
• Added fallback for finding ld on MinGW Cygwin #4019 [radarhere]
• Remove indirect dependencies from requirements.txt #3976 [hugovk]
• Depends: Update libwebp to 1.0.3 #3983, libimagequant to 2.12.5 #3993, freetype to 2.10.1 #3991 [radarhere]
• Change overflow check to use PY_SSIZE_T_MAX #3964 [radarhere]
• Report reason for pytest skips #3942 [hugovk] </details> <details> <summary>Commits</summary>

• 6e0f07b Pillow 6.2.1 is the last to support Python 2.7
• 39d26d3 6.2.1 version bump
• ee9e21a Add release notes for Pillow 6.2.1
• efcfb91 Update CHANGES.rst [CI skip]
• f97c4dd 6.2.x: Add support for Python 3.8 (#4151)
• b78edcc Add support for Python 3.8
• 8a30d13 Updated CHANGES.rst [ci skip]
• 75602d1 6.2.0 version bump
• 4756af9 Updated CHANGES.rst [ci skip]
• cc16025 Merge pull request #4104 from radarhere/overrun
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps pytz from 2019.2 to 2020.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stub42/pytz/commit/164d6af6dc335c0adf6f7fa97800b6fa6d17cc9f"><code>164d6af</code></a> Fix reST lint</li> <li><a href="https://github.com/stub42/pytz/commit/416edf6d6d1b25b70a7acd9dc7851eaa4cf9e822"><code>416edf6</code></a> Test against Python 3.8 and Python 3.9</li> <li><a href="https://github.com/stub42/pytz/commit/b25606afe32681a98c68c51e5703173408d9e69b"><code>b25606a</code></a> Bump version numbers to 2020.1/2020a</li> <li><a href="https://github.com/stub42/pytz/commit/238b4f65aba1677ec5a8138183852a7f87243a54"><code>238b4f6</code></a> Base class for all errors</li> <li><a href="https://github.com/stub42/pytz/commit/fb8b146c058dafb9611a2dd9aa210d376d10a856"><code>fb8b146</code></a> Add flake8 settings</li> <li><a href="https://github.com/stub42/pytz/commit/a11229c46f79ed377ff8e1006ccb98b1b38c4ad0"><code>a11229c</code></a> IANA 2020a</li> <li><a href="https://github.com/stub42/pytz/commit/bc11842827a7379d99ff529674e1084a0a32a245"><code>bc11842</code></a> Squashed 'tz/' changes from 765984a93..13af01673</li> <li><a href="https://github.com/stub42/pytz/commit/7b1a844c8ecf2996142ac0eb32201b676e9dcb9a"><code>7b1a844</code></a> Fix remaining references to README.txt</li> <li><a href="https://github.com/stub42/pytz/commit/f6fd61862d51b78b72d72dbf5496d1429a6b52d6"><code>f6fd618</code></a> Update README.md</li> <li><a href="https://github.com/stub42/pytz/commit/fd39cf15e12f368ce42f51f0ec59f508c26c84c3"><code>fd39cf1</code></a> Use .rst extension for reStructuredText</li> <li>Additional commits viewable in <a href="https://github.com/stub42/pytz/compare/release_2019.2...release_2020.1">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps django from 1.11.23 to 1.11.28. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-hmr4-m2h5-33qx">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Moderate severity vulnerability that affects django</strong> Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.</p> <p>Affected versions: < 1.11.28</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/django/django/commit/e09f09b965ef47ffd99abd2c26ba7416751cffa6"><code>e09f09b</code></a> [1.11.x] Bumped version for 1.11.28 release.</li> <li><a href="https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd"><code>001b063</code></a> [1.11.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.</li> <li><a href="https://github.com/django/django/commit/7fd1ca3ef63e5e834205a8208f4dc17d80f9a417"><code>7fd1ca3</code></a> [1.11.x] Fixed timezones tests for PyYAML 5.3+.</li> <li><a href="https://github.com/django/django/commit/121115d2c291b3969ac00ca62253f23513481739"><code>121115d</code></a> [1.11.x] Added CVE-2019-19844 to the security archive.</li> <li><a href="https://github.com/django/django/commit/2c4fb9a35db575ec56207446d782b8f450a2b4e7"><code>2c4fb9a</code></a> [1.11.x] Post-release version bump.</li> <li><a href="https://github.com/django/django/commit/358973a12eb3105ba084a2d594428a19223b8582"><code>358973a</code></a> [1.11.x] Bumped version for 1.11.27 release.</li> <li><a href="https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2"><code>f4cff43</code></a> [1.11.x] Fixed CVE-2019-19844 -- Used verified user email for password reset ...</li> <li><a href="https://github.com/django/django/commit/a2355740ed76ca9461b34d65beb450c0156f3224"><code>a235574</code></a> [1.11.x] Refs <a href="https://github-redirect.dependabot.com/django/django/issues/31073">#31073</a> -- Added release notes for 02eff7ef60466da108b1a33f1e4dc...</li> <li><a href="https://github.com/django/django/commit/e8fdf00cc2acdcc992fd9621230e927594dc5d4f"><code>e8fdf00</code></a> [1.11.x] Fixed <a href="https://github-redirect.dependabot.com/django/django/issues/31073">#31073</a> -- Prevented CheckboxInput.get_context() from mutating ...</li> <li><a href="https://github.com/django/django/commit/4f1501660b869c8358ce32b71464d8016c15208c"><code>4f15016</code></a> [1.11.x] Post-release version bump.</li> <li>Additional commits viewable in <a href="https://github.com/django/django/compare/1.11.23...1.11.28">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

@dependabot rebase

@dependabot rebase

@dependabot rebase

Details in commit messages.

Thanks! 🙌

@jonathan-s @jessykate look good to you? This'll also affect the production environment so just double checking I'm not doing anything stupid. :)

I think all the apk dependencies are to build the Python packages, but they are available as binary wheels for Debian so they don't need to be installed (postgres-dev for psycopg2, libjpeg for pillow, etc).

Details in commit messages.

This was mostly done here: https://github.com/bfirsh/jsnes-web/pull/170

The only thing remaining is to release this (or jsnes-react?) as a package on npm.

@dependabot rebase

@dependabot rebase

@dependabot rebase

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.

Bumps debian from testing-20191224 to testing-20200422.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

@dependabot rebase

@dependabot rebase

Bumps jsnes from 96d028e to 1cff0db. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bfirsh/jsnes/commit/1cff0db76c7789c38d4c929800a712c1eff78d69"><code>1cff0db</code></a> Bump prettier from 1.16.4 to 2.0.5</li> <li><a href="https://github.com/bfirsh/jsnes/commit/142bde23b0ed0e3c5a6772d3c84de75ee120c565"><code>142bde2</code></a> 1.2.0</li> <li><a href="https://github.com/bfirsh/jsnes/commit/235393d1d264602340b78271709b66dbf82cbf40"><code>235393d</code></a> Switch to Apache 2 license</li> <li><a href="https://github.com/bfirsh/jsnes/commit/1e554901e131539f2829af2b3572367128508f6e"><code>1e55490</code></a> Bump mocha from 7.1.1 to 7.1.2</li> <li><a href="https://github.com/bfirsh/jsnes/commit/be5d1d4a8e0090ae8f241eec08b4087590cb6195"><code>be5d1d4</code></a> Bump eslint-config-prettier from 6.10.1 to 6.11.0</li> <li><a href="https://github.com/bfirsh/jsnes/commit/ad6a2d09610806540aad198aaa27a948e8c95d1d"><code>ad6a2d0</code></a> Bump sinon from 9.0.1 to 9.0.2</li> <li><a href="https://github.com/bfirsh/jsnes/commit/9487a5c6b6fd729a6682ce5ea389516b1c0e6ae6"><code>9487a5c</code></a> Bump eslint from 5.16.0 to 6.8.0</li> <li>See full diff in <a href="https://github.com/bfirsh/jsnes/compare/96d028e622ae3414a92cefc54c3da6eb82ad1ad7...1cff0db76c7789c38d4c929800a712c1eff78d69">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>