Sourced from redis's changelog.

• 3.5.2 (May 14, 2020)
  • Tune the locking in ConnectionPool.get_connection so that the lock is not held while waiting for the socket to establish and validate the TCP connection.

• 7c0a67a 3.5.2
• 32a5840 Tune the locking in ConnectionPool.get_connection
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from sentry-sdk's releases.

0.14.4

• Fix bugs in transport rate limit enforcement for specific data categories. The bug should not have affected anybody because we do not yet emit rate limits for specific event types/data categories.
• Fix a bug in capture_event where it would crash if given additional kwargs. Thanks to Tatiana Vasilevskaya!
• Fix a bug where contextvars from the request handler were inaccessible in AIOHTTP error handlers.
• Fix a bug where the Celery integration would crash if newrelic instrumented Celery as well.

Sourced from sentry-sdk's changelog.

0.14.4

• Fix bugs in transport rate limit enforcement for specific data categories. The bug should not have affected anybody because we do not yet emit rate limits for specific event types/data categories.
• Fix a bug in capture_event where it would crash if given additional kwargs. Thanks to Tatiana Vasilevskaya!
• Fix a bug where contextvars from the request handler were inaccessible in AIOHTTP error handlers.
• Fix a bug where the Celery integration would crash if newrelic instrumented Celery as well.

• a45ae81 release: 0.14.4
• 5f9a350 doc: Changelog for 0.14.4
• 26ecc05 fix(celery): Vendor parts of functools to avoid conflict with newrelic (#685)
• f46373c Clarify console warning (#684)
• b8f7953 build(deps): bump sphinx from 3.0.2 to 3.0.3 (#680)
• 55b1df7 fix: Pin pytest-asyncio (#681)
• 0da369f build(deps): bump sphinx from 2.3.1 to 3.0.2 (#672)
• d617e54 fix: Preserve contextvars in aiohttp integration (#674)
• f90cb06 ref: reformat tox.ini
• b866e9b fix: Flask-dev dropped Python 2 (#671)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from sqlalchemy's releases.

1.3.17

Released: May 13, 2020

orm

• [orm] [bug] Fixed bug where using with_polymorphic() as the target of a join via RelationshipComparator.of_type() on a mapper that already has a subquery-based with_polymorphic setting that's equivalent to the one requested would not correctly alias the ON clause in the join.

  References: #5288

• [orm] [bug] Fixed issue in the area of where loader options such as selectinload() interact with the baked query system, such that the caching of a query is not supposed to occur if the loader options themselves have elements such as with_polymorphic() objects in them that currently are not cache-compatible. The baked loader could sometimes not fully invalidate itself in these some of these scenarios leading to missed eager loads.

  References: #5303

• [orm] [bug] Modified the internal "identity set" implementation, which is a set that hashes objects on their id() rather than their hash values, to not actually call the __hash__() method of the objects, which are typically user-mapped objects. Some methods were calling this method as a side effect of the implementation.

  References: #5304

• [orm] [bug] An informative error message is raised when an ORM many-to-one comparison is attempted against an object that is not an actual mapped instance. Comparisons such as those to scalar subqueries aren't supported; generalized comparison with subqueries is better achieved using ~.RelationshipProperty.Comparator.has().

  References: #5269

• [orm] [usecase] Added an accessor ColumnProperty.Comparator.expressions which provides access to the group of columns mapped under a multi-column ColumnProperty attribute.

  References: #5262

• [orm] [usecase] Introduce _orm.relationship.sync_backref flag in a relationship to control if the synchronization events that mutate the in-Python attributes are added. This supersedes the previous change #5149, which warned that viewonly=True relationship target of a back_populates or backref configuration would be disallowed.

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from deprecated's releases.

v1.2.10 - Bug fix Release

Fix #25: @deprecated respects global warning filters with actions other than "ignore" and "always" on Python 3.

Sourced from deprecated's changelog.

v1.2.10 (2020-05-13)

Bug fix release

Fix

• Fix #25: @deprecated respects global warning filters with actions other than "ignore" and "always" on Python 3.

Other

• Change the configuration for TravisCI to build on pypy and pypy3.
• Change the configuration for TravisCI and AppVeyor: drop configuration for Python 3.4 and add 3.8.

• a1c0a7f New bug fix release v1.2.10 (2020-05-13)
• 90a976c Correct coverage version in tox.ini: use 'coverage < 5' to be able to...
• a270ce2 Correct issue number in CHANGELOG.rst (close #25).
• 9c42eed Fix #15: @deprecated respects global warning filters with actions other t...
• 28fe02f Change the configuration for TravisCI and AppVeyor: drop configuration for Py...
• b392e26 Appveyor: Drop Py34 and add Py38
• c4351fb Update the banner in the documentation (version number is v1.2.10).
• 59eff38 Remove the title-page.odg file (not used).
• d9401ec Update the documentation about the supported versions of PyPy.
• 73c3aa7 Change the configuration for TravisCI to build on pypy and pypy3.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from eslint-plugin-import's changelog.

[2.21.1] - 2020-06-07

Fixed

• TypeScript: [import/named]: avoid requiring typescript when not using TS (#1805, thanks [@ljharb])

[2.21.0] - 2020-06-07

Added

• [import/default]: support default export in TSExportAssignment (#1528, thanks [@joaovieira])
• [no-cycle]: add ignoreExternal option (#1681, thanks [@sveyret])
• [order]: Add support for TypeScript's "import equals"-expressions (#1785, thanks [@manuth])
• [import/default]: support default export in TSExportAssignment (#1689, thanks [@Maxim-Mazurok])
• [no-restricted-paths]: add custom message support (#1802, thanks [@malykhinvi])

Fixed

• [group-exports]: Flow type export awareness (#1702, thanks [@ernestostifano])
• [order]: Recognize pathGroup config for first group (#1719, #1724, thanks [@forivall], [@xpl])
• [no-unused-modules]: Fix re-export not counting as usage when used in combination with import (#1722, thanks [@Ephem])
• [no-duplicates]: Handle TS import type (#1676, thanks [@kmui2])
• [newline-after-import]: recognize decorators (#1139, thanks [@atos1990])
• [no-unused-modules]: Revert "[flow] no-unused-modules: add flow type support" (#1770, thanks [@Hypnosphi])
• TypeScript: Add nested namespace handling (#1763, thanks [@julien1619])
• [namespace]/ExportMap: Fix interface declarations for TypeScript (#1764, thanks [@julien1619])
• [no-unused-modules]: avoid order-dependence (#1744, thanks [@darkartur])
• [no-internal-modules]: also check export from syntax (#1691, thanks [@adjerbetian])
• TypeScript: [export]: avoid a crash with export = (#1801, thanks [@ljharb])

Changed

• [Refactor] no-extraneous-dependencies: use moduleVisitor (#1735, thanks [@adamborowski])
• TypeScript config: Disable [named][] (#1726, thanks [@astorije])
• [readme] Remove duplicate no-unused-modules from docs (#1690, thanks [@arvigeus])
• [Docs] order: fix bad inline config (#1788, thanks [@nickofthyme])
• [Tests] Add fix for Windows Subsystem for Linux (#1786, thanks [@manuth])
• [Docs] no-unused-rules: Fix docs for unused exports (#1776, thanks [@barbogast])
• [eslint] bump minimum v7 version to v7.2.0

• 63d2a3f Bump to v2.21.1
• 381b2b5 [Fix] TypeScript: named: avoid requiring typescript when not using TS
• 2699251 Bump to v2.21.0
• d84062e [eslint] bump minimum v7 version to v7.2.0
• 199143c [Deps] update array-includes, array.prototype.flat, `eslint-import-resolv...
• 4ff9b92 [Fix] TypeScript: export: avoid a crash with export =
• 0d6d12e [Tests] add test for export * from a d.ts file
• 0b81052 [New] no-restricted-paths: Add custom message support
• 0b585a1 [New] import/default: support default export in TSExportAssignment
• 0547c7e [Tests] add test case for #1645
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from eslint's releases.

v7.2.0

• b735a48 Update: add enforceForFunctionPrototypeMethods option to no-extra-parens (#12895) (Milos Djermanovic)
• 27ef73f Update: reporter locr of func-call-spacing (refs #12334) (#13311) (Anix)
• 353bfe9 Update: handle parentheses in multiline-ternary (fixes #13195) (#13367) (Milos Djermanovic)
• a7fd343 Update: keyword-spacing unexpected space loc improve (refs #12334) (#13377) (Anix)
• e49732e Fix: Ignore import expressions in no-unused-expressions rule (#13387) (Veniamin Krol)
• 220349f Chore: Remove duplicate health files (#13380) (Nicholas C. Zakas)
• dd949ae Update: support ?? operator, import.meta, and export * as ns (#13196) (Toru Nagashima)
• d5fce9f Update: enable es2020 environment in --init (#13357) (Milos Djermanovic)
• 21b1583 Docs: fixed broken hash link for working-with-rules.md (#13386) (Yosuke Ota)
• b76aef7 Update: Improve report location for template-tag-spacing (refs #12334) (#13203) (Milos Djermanovic)
• 578efad Chore: update no-unused-vars caughtErrors in eslint-config-eslint (#13351) (Milos Djermanovic)
• 426088c Fix: no-unused-vars updated location to last reference (fixes #13181) (#13354) (Anix)
• cb50b69 Update: Improve location for no-mixed-spaces-and-tabs (refs #12334) (#13365) (Milos Djermanovic)
• f858f2a Chore: Add Tidelift to funding.yml (#13371) (Nicholas C. Zakas)
• ee30e5d Sponsors: Sync README with website (ESLint Jenkins)
• c29bd9f Chore: Add breaking/core change link to issue templates (#13344) (Kai Cataldo)
• d55490f Sponsors: Sync README with website (ESLint Jenkins)

v7.1.0

• a93083a Fix: astUtils.getNextLocation returns invalid location after CRLF (#13275) (Milos Djermanovic)
• df01af1 Update: padded-blocks loc position changes (refs #12334) (#13328) (Anix)
• bd3f092 Fix: max-lines-per-function flagging arrow IIFEs (fixes #13332) (#13336) (cherryblossom000)
• 25462b2 Update: block-spacing changed loc for extra (refs #12334) (#13314) (Anix)
• de0aab9 Fix: report end loc in one-var-declaration-per-line (refs #12334) (#13326) (YeonJuan)
• 1710296 Fix: no-new-symbol false positive with Symbol as an argument (#13337) (Milos Djermanovic)
• cc01451 Fix: arrow-parens no reporting for comments inside (fixes #12995) (#13312) (Anix)
• a195141 Update: reporting location for semi-spacing (refs #12334) (#13285) (Anix)
• e3e4c41 Fix: fix false positives of no-new-func (#13333) (Pig Fang)
• 611c676 Docs: Update new rules policies (#13343) (Nicholas C. Zakas)
• 3a5fbb3 Chore: correct fileoverview doc in accessor-pairs (#13335) (YeonJuan)
• b0a6b81 Update: Improve report location for rest-spread-spacing (refs #12334) (#13313) (Milos Djermanovic)
• 68c8ee3 Fix: Stop path analyzer on unknown nodes (#13305) (Ilya Volodin)
• 89e1081 Update: Improve report location for linebreak-style (refs #12334) (#13317) (Milos Djermanovic)
• 0891379 Docs: Document the "correct" way to build an array with values (#13246) (Ed S)
• 88127d7 Chore: remove checkbox from PR template prerequesites (#13330) (Kai Cataldo)
• c636d57 New: no-loss-of-precision (fixes #11279) (#12747) (jmoore914)
• 72a4e10 Chore: Mark SourceCode getComments() method as deprecated (fixes #13293) (#13296) (SuperOleg39)
• 7f14846 Docs: fix broken link in Node.js API docs (#13307) (Kai Cataldo)
• 02aeba1 Sponsors: Sync README with website (ESLint Jenkins)
• 1f17533 Docs: Gitter -> Discord URL (refs #13039) (#13308) (Nicholas C. Zakas)
• 82a448a Docs: improve documentation of no-return-await (#13215) (Linus Unnebäck)
• 742941d Update: added typescript-eslint/recommended configs for init (#13235) (Anix)
• 3d03df0 Sponsors: Sync README with website (ESLint Jenkins)
• f44a6b4 Chore: fix invalid syntax in require-await tests (#13277) (Milos Djermanovic)
• 2c778fb Fix: remove custom plugins from replacedBy metadata (#13274) (Kai Cataldo)
• 0db3b1d Sponsors: Sync README with website (ESLint Jenkins)

Sourced from eslint's changelog.

v7.2.0 - June 5, 2020

• b735a48 Update: add enforceForFunctionPrototypeMethods option to no-extra-parens (#12895) (Milos Djermanovic)

• 27ef73f Update: reporter locr of func-call-spacing (refs #12334) (#13311) (Anix)

• 353bfe9 Update: handle parentheses in multiline-ternary (fixes #13195) (#13367) (Milos Djermanovic)

• a7fd343 Update: keyword-spacing unexpected space loc improve (refs #12334) (#13377) (Anix)

• e49732e Fix: Ignore import expressions in no-unused-expressions rule (#13387) (Veniamin Krol)

• 220349f Chore: Remove duplicate health files (#13380) (Nicholas C. Zakas)

• dd949ae Update: support ?? operator, import.meta, and export * as ns (#13196) (Toru Nagashima)

• d5fce9f Update: enable es2020 environment in --init (#13357) (Milos Djermanovic)

• 21b1583 Docs: fixed broken hash link for working-with-rules.md (#13386) (Yosuke Ota)

• b76aef7 Update: Improve report location for template-tag-spacing (refs #12334) (#13203) (Milos Djermanovic)

• 578efad Chore: update no-unused-vars caughtErrors in eslint-config-eslint (#13351) (Milos Djermanovic)

• 426088c Fix: no-unused-vars updated location to last reference (fixes #13181) (#13354) (Anix)

• cb50b69 Update: Improve location for no-mixed-spaces-and-tabs (refs #12334) (#13365) (Milos Djermanovic)

• f858f2a Chore: Add Tidelift to funding.yml (#13371) (Nicholas C. Zakas)

• ee30e5d Sponsors: Sync README with website (ESLint Jenkins)

• c29bd9f Chore: Add breaking/core change link to issue templates (#13344) (Kai Cataldo)

• d55490f Sponsors: Sync README with website (ESLint Jenkins) v7.1.0 - May 22, 2020

• a93083a Fix: astUtils.getNextLocation returns invalid location after CRLF (#13275) (Milos Djermanovic)

• df01af1 Update: padded-blocks loc position changes (refs #12334) (#13328) (Anix)

• bd3f092 Fix: max-lines-per-function flagging arrow IIFEs (fixes #13332) (#13336) (cherryblossom000)

• 25462b2 Update: block-spacing changed loc for extra (refs #12334) (#13314) (Anix)

• de0aab9 Fix: report end loc in one-var-declaration-per-line (refs #12334) (#13326) (YeonJuan)

• 1710296 Fix: no-new-symbol false positive with Symbol as an argument (#13337) (Milos Djermanovic)

• cc01451 Fix: arrow-parens no reporting for comments inside (fixes #12995) (#13312) (Anix)

• a195141 Update: reporting location for semi-spacing (refs #12334) (#13285) (Anix)

• e3e4c41 Fix: fix false positives of no-new-func (#13333) (Pig Fang)

• 611c676 Docs: Update new rules policies (#13343) (Nicholas C. Zakas)

• 3a5fbb3 Chore: correct fileoverview doc in accessor-pairs (#13335) (YeonJuan)

• b0a6b81 Update: Improve report location for rest-spread-spacing (refs #12334) (#13313) (Milos Djermanovic)

• 68c8ee3 Fix: Stop path analyzer on unknown nodes (#13305) (Ilya Volodin)

• 89e1081 Update: Improve report location for linebreak-style (refs #12334) (#13317) (Milos Djermanovic)

• 0891379 Docs: Document the "correct" way to build an array with values (#13246) (Ed S)

• 88127d7 Chore: remove checkbox from PR template prerequesites (#13330) (Kai Cataldo)

• c636d57 New: no-loss-of-precision (fixes #11279) (#12747) (jmoore914)

• 72a4e10 Chore: Mark SourceCode getComments() method as deprecated (fixes #13293) (#13296) (SuperOleg39)

• 7f14846 Docs: fix broken link in Node.js API docs (#13307) (Kai Cataldo)

• 02aeba1 Sponsors: Sync README with website (ESLint Jenkins)

• 1f17533 Docs: Gitter -> Discord URL (refs #13039) (#13308) (Nicholas C. Zakas)

• 82a448a Docs: improve documentation of no-return-await (#13215) (Linus Unnebäck)

• 742941d Update: added typescript-eslint/recommended configs for init (#13235) (Anix)

• 3d03df0 Sponsors: Sync README with website (ESLint Jenkins)

• f44a6b4 Chore: fix invalid syntax in require-await tests (#13277) (Milos Djermanovic)

• 2c778fb Fix: remove custom plugins from replacedBy metadata (#13274) (Kai Cataldo)

• 0db3b1d Sponsors: Sync README with website (ESLint Jenkins)

• f9c35f3 7.2.0
• 8d2f728 Build: changelog update for 7.2.0
• b735a48 Update: add enforceForFunctionPrototypeMethods option to no-extra-parens (#12...
• 27ef73f Update: reporter locr of func-call-spacing (refs #12334) (#13311)
• 353bfe9 Update: handle parentheses in multiline-ternary (fixes #13195) (#13367)
• a7fd343 Update: keyword-spacing unexpected space loc improve (refs #12334) (#13377)
• e49732e Fix: Ignore import expressions in no-unused-expressions rule (#13387)
• 220349f Chore: Remove duplicate health files (#13380)
• dd949ae Update: support ?? operator, import.meta, and export * as ns (#13196)
• d5fce9f Update: enable es2020 environment in --init (#13357)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from pytest-randomly's changelog.

3.3.1 (2020-04-15)

• Fix to work when pytest-xdist is not installed or active (PluginValidationError: unknown hook 'pytest_configure_node').

3.3.0 (2020-04-15)

• Add pytest-xdist support. Previously it only worked reliably when setting --randomly-seed explicitly. When not provided, the default seed generated in workers could differ and collection would fail. Now when it is not provided, all xdist worker processes shared the same default seed generated in the master process.

• f7e377b Version 3.3.1
• a4debd6 Fix when xdist not installed or active (#248)
• 98339d3 Note pytest-xdist support in README
• 889c53a Version 3.3.0
• e494af8 Add pytest-xdist support (#245)
• fc8eb59 Upgrade requirements (#244)
• c3022b7 Remove Python 3.9 classifier from setup.cfg (#243)
• f422719 Tidy README badges
• 1023e12 Move CI to GitHub Actions (#241)
• a8f95d1 Upgrade requirements (#240)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from deprecated's releases.

v1.2.9 - Bug fix Release

• Fix #20
• Fix #19 packit configuration

v1.2.8 - Bug fix Release

Fix #15: The @deprecated decorator doesn’t set a warning filter if the action keyword argument is not provided or None. In consequences, the warning messages are only emitted if the global filter allow it. For more information, see The Warning Filter in the Python documentation.

Fix #13: Warning displays the correct filename and line number when decorating a class if wrapt does not have the compiled c extension.

The API documentation and the Tutorial is improved to explain how to use custom warning categories and local filtering (warning filtering at function call).

Fix #17: Customize the sidebar to add links to the documentation to the source in GitHub and to the Bug tracker. Add a logo in the sidebar and change the logo in the main page to see the library version.

Add a detailed documentation about The “Sphinx” decorators.

Change the Tox configuration to test the library with Wrapt 1.12.x.

Sourced from deprecated's changelog.

v1.2.9 (2020-04-10)

Bug fix release

Fix

• Fix #20: Set the warnings.warn stacklevel to 2 if the Python implementation is PyPy.
• Fix packit configuration: use dist-git-branch: fedora-all.

Other

• Change the Tox configuration to run tests on PyPy v2.7 and 3.6.

v1.2.8 (2020-04-05)

Bug fix release

Fix

• Fix #15: The @deprecated decorator doesn't set a warning filter if the action keyword argument is not provided or None. In consequences, the warning messages are only emitted if the global filter allow it. For more information, see The Warning Filter in the Python documentation.
• Fix #13: Warning displays the correct filename and line number when decorating a class if wrapt does not have the compiled c extension.

Documentation

• The api documentation and the tutorial is improved to explain how to use custom warning categories and local filtering (warning filtering at function call).
• Fix #17: Customize the sidebar to add links to the documentation to the source in GitHub and to the Bug tracker. Add a logo in the sidebar and change the logo in the main page to see the library version.
• Add a detailed documentation about sphinx_deco.

Other

• Change the Tox configuration to test the library with Wrapt 1.12.x.

• 2b8e9e8 Add the missing long_description_content_type keyword in the setup co...
• 6589bf5 New bug fix release v1.2.9 (2020-04-10)
• 04f7dd3 Change the EditorConfig configuration: Yaml files are indented with 2 spaces.
• 58ffd93 Fix packit configuration: use dist-git-branch: fedora-all.
• aef92b1 Fix #20: Set the :func:warnings.warn stacklevel to 2 if the Python implemen...
• 0867989 Change the Tox configuration to run tests on PyPy v2.7 and 3.6.
• d8e1a1d dist_git_branch -> dist-git-branch
• 2861cf1 Fix changelog in python-deprecated.spec.
• 083b94d Prepare next version 1.2.9 (unreleased)
• befe6fc New bug fix release v1.2.8 (2020-04-05)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from sphinx's changelog.

Release 3.0.1 (released Apr 11, 2020)

Incompatible changes

• #7418: std domain: :rst:dir:term role becomes case sensitive

Bugs fixed

• #7428: py domain: a reference to class None emits a nitpicky warning
• #7445: py domain: a return annotation None in the function signature is not converted to a hyperlink when using intersphinx
• #7418: std domain: duplication warning for glossary terms is case insensitive
• #7438: C++, fix merging overloaded functions in parallel builds.
• #7422: autodoc: fails with ValueError when using autodoc_mock_imports
• #7435: autodoc: autodoc_typehints='description' doesn't suppress typehints in signature for classes/methods
• #7451: autodoc: fails with AttributeError when an object returns non-string object as a __doc__ member
• #7423: crashed when giving a non-string object to logger
• #7479: html theme: Do not include xmlns attribute with HTML 5 doctype
• #7426: html theme: Escape some links in HTML templates

Release 3.0.0 (released Apr 06, 2020)

Dependencies

3.0.0b1

• LaTeX: drop dependency on :program:extractbb for image inclusion in Japanese documents as .xbb files are unneeded by :program:dvipdfmx since TeXLive2015 (refs: #6189)
• babel-2.0 or above is available (Unpinned)

Incompatible changes

3.0.0b1

• Drop features and APIs deprecated in 1.8.x
• #247: autosummary: stub files are overwritten automatically by default. see :confval:autosummary_generate_overwrite to change the behavior
• #5923: autodoc: the members of object class are not documented by default when :inherited-members: and :special-members: are given.
• #6830: py domain: meta fields in info-field-list becomes reserved. They are not displayed on output document now

... (truncated)

• 474f9d4 Bump to 3.0.1 final
• 273ece4 Merge pull request #7452 from tk0miya/7451_error_for_non_string_docstring
• 7b902e8 Fix #7451: autodoc: failed with non-string doc member
• ebf2571 Merge pull request #7454 from tk0miya/7445_rtype_annotation_None
• d9d381d Fix #7445: a return annotation None is not converted to a hyperlink
• aca3f82 Merge pull request #7442 from tk0miya/7435_typehints_not_suppressed_for_class
• e9e4aa8 Update CHANGES for PR #7426
• 9add576 Update CHANGES for PR #7449
• d9033a4 Merge pull request #7426 from mgeier/escape-links
• 9ff5b21 Merge pull request #7449 from mitya57/no-xmlns
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from sqlalchemy's releases.

1.3.16

Released: April 7, 2020

orm

• [orm] [bug] Fixed bug in orm.selectinload() loading option where two or more loaders that represent different relationships with the same string key name as referenced from a single orm.with_polymorphic() construct with multiple subclass mappers would fail to invoke each subqueryload separately, instead making use of a single string-based slot that would prevent the other loaders from being invoked.

  References: #5228

• [orm] [performance] Modified the queries used by subqueryload and selectinload to no longer ORDER BY the primary key of the parent entity; this ordering was there to allow the rows as they come in to be copied into lists directly with a minimal level of Python-side collation. However, these ORDER BY clauses can negatively impact the performance of the query as in many scenarios these columns are derived from a subquery or are otherwise not actual primary key columns such that SQL planners cannot make use of indexes. The Python-side collation uses the native itertools.group_by() to collate the incoming rows, and has been modified to allow multiple row-groups-per-parent to be assembled together using list.extend(), which should still allow for relatively fast Python-side performance. There will still be an ORDER BY present for a relationship that includes an explicit order_by parameter, however this is the only ORDER BY that will be added to the query for both kinds of loading.

  References: #5162

• [orm] [bug] Fixed issue where a lazyload that uses session-local "get" against a target many-to-one relationship where an object with the correct primary key is present, however it's an instance of a sibling class, does not correctly return None as is the case when the lazy loader actually emits a load for that row.

  References: #5210

orm declarative

• [bug] [declarative] [orm] The string argument accepted as the first positional argument by the relationship() function when using the Declarative API is no longer interpreted using the Python eval() function; instead, the name is dot separated and the names are looked up directly in the name resolution dictionary without treating the value as a Python expression. However, passing a string argument to the other relationship() parameters

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from minimist's changelog.

v1.2.7 - 2022-10-10

Commits

• [meta] add auto-changelog 0ebf4eb
• [actions] add reusable workflows e115b63
• [eslint] add eslint; rules to enable later are warnings f58745b
• [Dev Deps] switch from covert to nyc ab03356
• [readme] rename and add badges 236f4a0
• [meta] create FUNDING.yml; add funding in package.json 783a49b
• [meta] use npmignore to autogenerate an npmignore file f81ece6
• Only apps should have lockfiles 56cad44
• [Dev Deps] update covert, tape; remove unnecessary tap 49c5f9f
• [Tests] add aud in posttest 228ae93
• [meta] add safe-publish-latest 01fc23f
• [meta] update repo URLs 6b164c7

v1.2.6 - 2022-03-21

Commits

• test from prototype pollution PR bc8ecee
• isConstructorOrProto adapted from PR c2b9819
• security notice for additional prototype pollution issue ef88b93

• c590d75 v1.2.7
• 0ebf4eb [meta] add auto-changelog
• e115b63 [actions] add reusable workflows
• 01fc23f [meta] add safe-publish-latest
• f58745b [eslint] add eslint; rules to enable later are warnings
• 228ae93 [Tests] add aud in posttest
• 236f4a0 [readme] rename and add badges
• ab03356 [Dev Deps] switch from covert to nyc
• 49c5f9f [Dev Deps] update covert, tape; remove unnecessary tap
• 783a49b [meta] create FUNDING.yml; add funding in package.json
• Additional commits viewable in compare view

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

• Initialize libtiff buffer when saving #6699 [@​radarhere]
• Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@​wiredfool]
• Inline fname2char to fix memory leak #6329 [@​nulano]
• Fix memory leaks related to text features #6330 [@​nulano]
• Use double quotes for version check on old CPython on Windows #6695 [@​hugovk]
• GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@​nulano]
• Remove backup implementation of Round for Windows platforms #6693 [@​cgohlke]
• Upload fribidi.dll to GitHub Actions #6532 [@​nulano]
• Fixed set_variation_by_name offset #6445 [@​radarhere]
• Windows build improvements #6562 [@​nulano]
• Fix malloc in _imagingft.c:font_setvaraxes #6690 [@​cgohlke]
• Only use ASCII characters in C source file #6691 [@​cgohlke]
• Release Python GIL when converting images using matrix operations #6418 [@​hmaarrfk]
• Added ExifTags enums #6630 [@​radarhere]
• Do not modify previous frame when calculating delta in PNG #6683 [@​radarhere]
• Added support for reading BMP images with RLE4 compression #6674 [@​npjg]
• Decode JPEG compressed BLP1 data in original mode #6678 [@​radarhere]
• pylint warnings #6659 [@​marksmayo]
• Added GPS TIFF tag info #6661 [@​radarhere]
• Added conversion between RGB/RGBA/RGBX and LAB #6647 [@​radarhere]
• Do not attempt normalization if mode is already normal #6644 [@​radarhere]
• Fixed seeking to an L frame in a GIF #6576 [@​radarhere]
• Consider all frames when selecting mode for PNG save_all #6610 [@​radarhere]
• Don't reassign crc on ChunkStream close #6627 [@​radarhere]
• Raise a warning if NumPy failed to raise an error during conversion #6594 [@​radarhere]
• Only read a maximum of 100 bytes at a time in IMT header #6623 [@​radarhere]
• Show all frames in ImageShow #6611 [@​radarhere]
• Allow FLI palette chunk to not be first #6626 [@​radarhere]
• If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@​radarhere]
• Round box position to integer when pasting embedded color #6517 [@​radarhere]
• Removed EXIF prefix when saving WebP #6582 [@​radarhere]
• Pad IM palette to 768 bytes when saving #6579 [@​radarhere]
• Added DDS BC6H reading #6449 [@​ShadelessFox]
• Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@​JayWiz]
• Raise an error when allocating translucent color to RGB palette #6654 [@​jsbueno]
• Moved mode check outside of loops #6650 [@​radarhere]
• Added reading of TIFF child images #6569 [@​radarhere]
• Improved ImageOps palette handling #6596 [@​PososikTeam]
• Defer parsing of palette into colors #6567 [@​radarhere]
• Apply transparency to P images in ImageTk.PhotoImage #6559 [@​radarhere]
• Use rounding in ImageOps contain() and pad() #6522 [@​bibinhashley]
• Fixed GIF remapping to palette with duplicate entries #6548 [@​radarhere]
• Allow remap_palette() to return an image with less than 256 palette entries #6543 [@​radarhere]
• Corrected BMP and TGA palette size when saving #6500 [@​radarhere]

... (truncated)

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

• Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

• Initialize libtiff buffer when saving #6699 [radarhere]

• Inline fname2char to fix memory leak #6329 [nulano]

• Fix memory leaks related to text features #6330 [nulano]

• Use double quotes for version check on old CPython on Windows #6695 [hugovk]

• Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

• Fixed set_variation_by_name offset #6445 [radarhere]

• Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

• Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

• Added ExifTags enums #6630 [radarhere]

• Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

• Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

• Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

• Added GPS TIFF tag info #6661 [radarhere]

• Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

• Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

• d594f4c Update CHANGES.rst [ci skip]
• 909dc64 9.3.0 version bump
• 1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer
• 2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec
• 744f455 Added release notes
• 0846bfa Add to release notes
• 799a6a0 Fix linting
• 00b25fd Hide UserWarning in logs
• 05b175e Tighter test case
• 13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

How often will the code scanning analysis run?

By default, code scanning will trigger a scan with the CodeQL engine on the following events:

• On every pull request — to flag up potential security problems for you to investigate before merging a PR.
• On every push to your default branch and other protected branches — this keeps the analysis results on your repository’s Security tab up to date.
• Once a week at a fixed time — to make sure you benefit from the latest updated security analysis even when no code was committed or PRs were opened.

What will this cost?

Nothing! The CodeQL engine will run inside GitHub Actions, making use of your unlimited free compute minutes for public repositories.

What types of problems does CodeQL find?

The CodeQL engine that powers GitHub code scanning is the exact same engine that powers LGTM.com. The exact set of rules has been tweaked slightly, but you should see almost exactly the same types of alerts as you were used to on LGTM.com: we’ve enabled the security-and-quality query suite for you.

How do I upgrade my CodeQL engine?

No need! New versions of the CodeQL analysis are constantly deployed on GitHub.com; your repository will automatically benefit from the most recently released version.

The analysis doesn’t seem to be working

If you get an error in GitHub Actions that indicates that CodeQL wasn’t able to analyze your code, please follow the instructions here to debug the analysis.

How do I disable LGTM.com?

If you have LGTM’s automatic pull request analysis enabled, then you can follow these steps to disable the LGTM pull request analysis. You don’t actually need to remove your repository from LGTM.com; it will automatically be removed in the next few months as part of the deprecation of LGTM.com (more info here).

Which source code hosting platforms does code scanning support?

GitHub code scanning is deeply integrated within GitHub itself. If you’d like to scan source code that is hosted elsewhere, we suggest that you create a mirror of that code on GitHub.

How do I know this PR is legitimate?

This PR is filed by the official LGTM.com GitHub App, in line with the deprecation timeline that was announced on the official GitHub Blog. The proposed GitHub Action workflow uses the official open source GitHub CodeQL Action. If you have any other questions or concerns, please join the discussion here in the official GitHub community!

I have another question / how do I get in touch?

Please join the discussion here to ask further questions and send us suggestions!