Sourced from ujson's releases.

5.2.0

Added

• Support parsing NaN, Infinity and -Infinity (#514) @​Erotemic
• Support dynamically linking against system double-conversion library (#508) @​musicinmybrain
• Add env var to control stripping debug info (#507) @​musicinmybrain
• Add JSONDecodeError (#498) @​JustAnotherArchivist

Fixed

• Fix buffer overflows (CVE-2021-45958) (#519) @​JustAnotherArchivist
• Upgrade Black to fix Click (#515) @​hugovk
• simplify exception handling on integer overflow (#510) @​RouquinBlanc
• Remove dead code that used to handle the separate int type in Python 2 (#509) @​JustAnotherArchivist
• Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @​JustAnotherArchivist

• f6860f1 Remove shebang
• c0ff7b1 python -m pytest
• 362fed3 Clearer pytest command
• 82917c0 actions/[email protected]
• 3c095f1 Widen tests to cover more possible buffer overflows
• f4d2c87 Refactor buffer reservations to ensure sufficient space on all additions
• 1846e08 Add fuzz test to CI/CD.
• 5875168 Fix some more seg-faults on encoding.
• 1a39406 Remove the hidden JSON_NO_EXTRA_WHITESPACE compile knob.
• 20aa1a6 Add a fuzzing test to search for segfaults in encoding.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 286bd9f Cut 2.10.1
• 4c491e2 Fix CVE re: PKey.write_private_key chmod race
• aa3cc6f Cut 2.10.0
• e50e19f Fix up changelog entry with real links
• 02ad67e Helps to actually leverage your mocked system calls
• 29d7bf4 Clearly our agent stuff is not fully tested yet...
• 5fcb8da OpenSSH docs state %C should also work in IdentityFile and Match exec
• 1bf3dce Changelog enhancement
• f6342fc Prettify, add %C as acceptable controlpath token, mock gethostname
• 3f3451f Add to changelog
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from ujson's releases.

5.1.0

Changed

• Strip debugging symbols from Linux binaries (#493) @​bwoodsend

5.0.0

Added

• Use cibuildwheel to build wheels (#491) @​bwoodsend

Removed

• Drop support for soon-EOL Python 3.6 (#490) @​hugovk

Fixed

• Install Twine to upload to PyPI (#492) @​hugovk

4.3.0

Added

• Enable Windows on ARM64 target (#488) @​nsait-linaro

• 682c660 Merge pull request #493 from bwoodsend/strip-binaries
• c1d5b6d [pre-commit.ci] auto fixes from pre-commit.com hooks
• b9275f7 Strip debugging symbols from Linux binaries.
• e3ccc5a Merge pull request #492 from hugovk/deploy-twine
• 243d49b Install Twine to upload to PyPI
• 269621b Merge pull request #490 from hugovk/rm-3.6
• cccde3f Drop support for EOL Python 3.6
• b55049f Merge pull request #491 from bwoodsend/switch-to-ci-build-wheels
• 04286a6 Drop wheels for Python 3.6. (#490)
• ab32d48 CI/CD: Ensure that sdists are uploaded last.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from protobuf's releases.

Protocol Buffers v3.19.5

C++

• Reduce memory consumption of MessageSet parsing
• This release addresses a Security Advisory for C++ and Python users

Protocol Buffers v3.19.4

Python

• Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)

Ruby

• Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. (#9440).

PHP

• Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. (#9440).

Protocol Buffers v3.19.3

Python

• Fix missing Windows wheel for Python 3.10 on PyPI

Protocol Buffers v3.19.2

Java

• Improve performance characteristics of UnknownFieldSet parsing (#9371)
• This release addresses a Security Advisory for Java users

• b464cfb Updating changelog
• 40859fb Updating version.json and repo version numbers to: 19.5
• 3b175f1 Merge pull request #10543 from deannagarcia/3.19.x
• c05b5f3 Add missing includes
• 0299c03 Apply patch
• 0a722f1 Update version.json with "lts": true (#10533)
• d5eb60a Merge pull request #10530 from protocolbuffers/deannagarcia-patch-6
• 6cf1f78 Update version.json
• 97fc844 Merge pull request #10504 from deannagarcia/3.19.x
• 29d60a2 Add version file
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from ujson's releases.

5.4.0

Added

• Add support for arbitrary size integers (#548) @​JustAnotherArchivist

Fixed

• CVE-2022-31116:
  • Replace wchar_t string decoding implementation with a uint32_t-based one (#555) @​JustAnotherArchivist
  • Fix handling of surrogates on decoding (#550) @​JustAnotherArchivist
• CVE-2022-31117: Potential double free of buffer during string decoding @​JustAnotherArchivist
• Fix memory leak on encoding errors when the buffer was resized (#549) @​JustAnotherArchivist
• Integer parsing: always detect overflows (#544) @​NaN-git
• Fix handling of surrogates on encoding (#530) @​JustAnotherArchivist

5.3.0

Added

• Test Python 3.11 beta (#539) @​hugovk

Changed

• Benchmark refactor - argparse CLI (#533) @​Erotemic

Fixed

• Fix segmentation faults when errors occur while handling unserialisable objects (#531) @​JustAnotherArchivist
• Fix segmentation fault when an exception is raised while converting a dict key to a string (#526) @​JustAnotherArchivist
• Fix memory leak dumping on non-string dict keys (#521) @​JustAnotherArchivist
• Fix ref counting on repeated default function calls (#524) @​JustAnotherArchivist
• Remove redundant wheel dependency from pyproject.toml (#535) @​hugovk

5.2.0

Added

• Support parsing NaN, Infinity and -Infinity (#514) @​Erotemic
• Support dynamically linking against system double-conversion library (#508) @​musicinmybrain
• Add env var to control stripping debug info (#507) @​musicinmybrain
• Add JSONDecodeError (#498) @​JustAnotherArchivist

Fixed

• Fix buffer overflows (CVE-2021-45958) (#519) @​JustAnotherArchivist
• Upgrade Black to fix Click (#515) @​hugovk
• simplify exception handling on integer overflow (#510) @​RouquinBlanc
• Remove dead code that used to handle the separate int type in Python 2 (#509) @​JustAnotherArchivist
• Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @​JustAnotherArchivist

• 9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
• b21da40 Fix double free on string decoding if realloc fails
• 67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
• bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
• cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
• 4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
• abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
• 3efb5cc Delete old TravisCI workflow and references.
• 404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
• f7e66dc Switch to musl docker base images.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

• Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
• A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
• NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
• New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
• A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

• 4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release
• fd66547 REL: Prepare for the NumPy 1.22.0 release.
• 125304b wip
• c283859 Merge pull request #20682 from charris/backport-20416
• 5399c03 Merge pull request #20681 from charris/backport-20954
• f9c45f8 Merge pull request #20680 from charris/backport-20663
• 794b36f Update armccompiler.py
• d93b14e Update test_public_api.py
• 7662c07 Update init.py
• 311ab52 Update armccompiler.py
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.