Changelog:
=============
- Fix duplicated dependencies added to the lock file when the same dependency with extras is requested.
- Stabilize order of the extras and dependency-groups fields in pylock output.
- Fix Windows 11 install pdm error, which is because of msgpack install failure.
- Change the return type of array_of_inline_tables to list[dict] from list[str]
- Ensure uv resolver to include hash for package files.
- Avoid infinite recursion when reading pyproject.toml with circular file dependencies.
- Support pylock as alternative lock format and make it opt-in by config.
- Search for package metadata in lock file first when reuse strategy is used.
(From OE-Core rev: 121c609e91dd7eb72670513eef8c31a5f2271c89)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: Copyright year updated to 2025
(From OE-Core rev: 2ac6a959f32214d958a7a0cf1973a9bc66839a9b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
- Fix a longstanding ordering issue with extracting type information
from properties which have a reference to another property. 'mac-mode'
is the one in the Linux kernel.
- Fix a false positive warning about missing
unevaluatedProperties/additionalProperties
(From OE-Core rev: e36601ca6454ec62ad2dd0db47724e2ad4c240cd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bugs fixed
----------
* Attribute lookups failed on the "bool" builtin type.
* Type checks on or-ed union types could incorrectly return false.
* Negative list indexing could accidentally wrap around twice in PyPy and the Limited API.
* Iterating over literal sequences with starred (unpacked) items could infer a wrong
type for the loop variable and fail to assign the values.
* Calls to C functions taking exception types failed to check for a 'None' argument.
* Fused functions had an incorrect "__module__" attribute.
* The type of Cython implemented functions had an incorrect "__module__" attribute.
* Errors while indexing into "bytearray" or "str" in "nogil" sections could crash.
* "bytearray.append()" could silently accept some invalid character numbers.
* The C++11 "<type_traits>" header was included regardless of the C++ version.
* "PyDict_GetItemStringRef()" was accidentally used in older Limited API versions.
* "abort()" was used but not always available in the Limited API.
* Some dependencies were missing from the "depfile".
* Embedded function signatures were not always separated from the existing docstring.
* "numpy.math" was missing from "Cython/Includes/" and could not be cimported.
* Some tests were adapted for NumPy 2.x.
* Some C compiler warnings were fixed.
* "Cython.Build" was not officially exposing the "cythonize" function.
(From OE-Core rev: ad9e2ba3d7c1af3f7084427eb9ddb0822460b108)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The last dependency in core on this recipe was removed in May 2024[1],
and there don't appear to be any other users that I can find. The last
upstream release was in 2018 so this is now obsolete.
[1] oe-core dfa482f199 ("python3-requests: cleanup RDEPENDS")
(From OE-Core rev: 48b6851420ac54b181647bf23fe1ad86c75fa650)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Security content in this release:
- gh-135034: Fixes multiple issues that allowed tarfile extraction filters
(filter="data" and filter="tar") to be bypassed using crafted symlinks and
hard links. Addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and
CVE-2025-4517.
- gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-
“strict” error handler.
- gh-128840: Short-circuit the processing of long IPv6 addresses early in
ipaddress to prevent excessive memory consumption and a minor denial-of-service.
Includes additional standard library improvements and bug fixes.
References:
https://docs.python.org/3/whatsnew/changelog.html#python-3-13-4-finalhttps://www.python.org/downloads/release/python-3134/
(From OE-Core rev: d2bcfa826aa3a7bd5d6ab250fb8ba083e2688c8b)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libnsl2 and libtirpc were build dependencies for the nis module.
The nis module was deprecated in Python 3.11 and removed in Python 3.13
(From OE-Core rev: 742eca9cb56ab4ad10534181d28de1fdf3880b9f)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add comment about riscv32gc ioctl codes patch, it is needed until libc
version is 0.2.172 or greater in Cargo.lock.
Comparing changes since 1.8.3:
https://github.com/PyO3/maturin/compare/v1.8.3...v1.8.6
Changelog:
1.8.6
* Print a message when overriding platform tag from _PYTHON_HOST_PLATFORM
in #2594
* Use the current python interpreter's version when the abi3 feature is set
with no explicit version in #2597
1.8.5
* Fix release CI build
1.8.4
* Install a Rust toolchain into a temporary directory when building maturin
itself or a package and a Rust toolchain is missing. Set
MATURIN_NO_INSTALL_RUST to disable this behavior. #2421
* Fix broken maturin develop with latest uv in #2584
* Add PYO3_PYTHON env var support in #2534
* Sort RECORD file in wheel archives to make them deterministic in #2550
* Publish wheel for loongarch64 in #2548
* Add --compression-level option to build command in #2572
(From OE-Core rev: 92387900825dc6570c9bb43ca4b5a7d44f821f5c)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Comparing changes since 25.0.0:
https://github.com/pyca/pyopenssl/compare/25.0.0...25.1.0
Changelog:
https://www.pyopenssl.org/en/latest/changelog.html
25.1.0 (2025-05-17):
Backward-incompatible changes:
* None
Deprecations:
* Attempting using any methods that mutate an OpenSSL.SSL.Context after
it has been used to create an OpenSSL.SSL.Connection will emit a
warning. In a future release, this will raise an exception.
Changes:
* cryptography maximum version has been increased to 45.0.x.
(From OE-Core rev: f83f00c1a5bb17e89651c5b19ec0a65e61a1bde7)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Comparing changes since 1.5.0:
https://github.com/pytest-dev/pluggy/compare/1.5.0...1.6.0
Release notes:
https://pluggy.readthedocs.io/en/latest/changelog.html#pluggy-1-6-0-2025-05-15
Deprecations and Removals
* Python 3.8 is no longer supported. (#556)
Bug Fixes
* Fix a regression in pluggy 1.1.0 where using result.get_result() on the
same failed Result causes the exception’s traceback to get longer and
longer.(#504)
* Correctly pass StopIteration through hook wrappers.(#544)
* Raising a StopIteration in a generator triggers a RuntimeError.
* If the RuntimeError of a generator has the passed in StopIteration as
cause resume with that StopIteration as normal exception instead of failing
with the RuntimeError.
(From OE-Core rev: 23cfc453d8a03cd4edaad72ed4dbda9be7c47041)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Many changes are included with this release, including support for
freethreading builds of CPython 3.13, cleanup of legacy code, and many
other features and bug fixes.
Changelog: https://github.com/cython/cython/blob/master/CHANGES.rst
Patch '0001-Output-import-relative-paths-in-generated-C-code.-GH.patch'
is included in 3.1.0, so we no longer need the backport:
|tgamblin@megalith ~/workspace/git/pythonsrc/cython (master)$ git tag --contains 20bceea6b19ffc2f65b9fba2e4f737f09e5a2b20
|3.1.0
|3.1.0-1
|3.1.0a1
|3.1.0b1
|3.1.0rc1
|3.1.0rc2
Reproducibility looks OK.
(From OE-Core rev: 26a73392524f648015d55bf421a9b1bf5ac0d955)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=============
- Rule comments: tell how many spaces are expected
- Rule quoted-strings: Fix only-when-needed on multiline with backslash
- Config: Report if rules is not a dict
- Fix test_codec_built_in_equivalent() test when run with pytest
- CI: Fix TestPyPI "dev0" versions for master commits on tags
- Docs: Add links to GitHub repository and releases
- Docs: Fix GitLab integration example
- Docs: Fix GitLab integration link
- Fix the tests badge link on the README
(From OE-Core rev: b49426b3577546e197c42aa28b5af4a0f3ea1c53)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=============
- Fix TypeError when taking the union of typing_extensions.TypeAliasType and a
typing.TypeAliasType on Python 3.12 and 3.13.
- Backport from CPython PR #132160 to avoid having user arguments shadowed in
generated __new__ by @typing_extensions.deprecated.
(From OE-Core rev: f01c7ece71f4d9887763ee5062c56d454f88ae3d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changed
----------
- Update list of supported licenses
Fixed
--------
- Fix an issue where the union of specific inverse or partially inverse markers
was not simplified
- Fix an issue where optional dependencies defined in the project section were
treated as non-optional when a source was defined for them in the tool.poetry
section
- Fix an issue where markers with === were not parsed correctly
- Fix an issue where local versions with upper case letters caused an error
- Fix an issue where extra markers with a value starting with "in" were not
validated correctly
- Fix an issue where inheriting from WheelBuilder was unnecessarily difficult
(From OE-Core rev: ca51448b82abd9333ad2763d52c473cbe876d5c5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Features & Improvements
------------------------
- New command pdm new that behaves like pdm init but creates a new project.
- Support use --name as project name for command pdm new e.g. pdm new hello --name world
- Support exporting to pylock.toml format as described by PEP 751.
Bug Fixes
---------
- Pass the --quiet option to pdm sync command.
- If a .python-version file is found and it contains multiple lines, the file
will be ignored. The usage of the .python-version file can be disabled, if
configuration value python.use_python_version (or environment variable PDM_USE_PYTHON_VERSION) is False.
- fix pdm config -e command to open read-only file under linux
- Replace project names and import names in both README.md and pyproject.toml when running pdm init <template>.
- Fix a bug that URL dependency hashes are not updated if running pdm lock --update-reuse.
- Install the project when using the BaseSynchronizer with install_self set
to True. This fixes the bug that when calling pdm sync --quiet, it skips
installing the project itself.
- Mark one additional test as requiring network, and fix another one
not to require it anymore.
(From OE-Core rev: 01cacd208c7a3e1fa2923ef346d7a1c65a4005c0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
============
- Re-add a test for Unicode file name parsing
- Upgrade to ruff 0.9.1
- Add support for PEP 738 Android tags
- feat(markers): support 'extras' and 'dependency_groups' markers
(From OE-Core rev: 1f6a72bf37297a362119375523750544a11a23ea)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
Changed
-------
- DRY fix in abbr extension by introducing method create_element
- Clean up test directory by removing some redundant tests and port non-redundant cases to the newer test framework.
- Improved performance of the raw HTML post-processor
Fixed
---------
- Backslash Unescape IDs set via attr_list on toc
- Ensure md_in_html processes content inside "markdown" blocks as they are parsed outside of "markdown" blocks to keep things more consistent for third-party extensions
- md_in_html handle tags within inline code blocks better
- md_in_html fix handling of one-liner block HTML handling
- Ensure <center> is treated like a block-level element
- Ensure that abbr extension respects AtomicString and does not process perceived abbreviations in these strings
- Ensure smarty extension correctly renders nested closing quotes
(From OE-Core rev: 662d586edb3afed8273ec4910ea1a4c090f8b757)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
- Fix undefined variable errors when strict_undefined=True when using a
nested list comprehension.
(From OE-Core rev: 40a60f0ca45116604430f8b0d1ee4f70e1f9843e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bugfix:
-Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.
(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)
(From OE-Core rev: 4e15eededc4c67665c48c0fcdcfa41cfd0d3bf40)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- $HFPR_PACKAGE_NAME is now replaced by the package name in the PyPI readme.
- Support for Python 3.7.
(From OE-Core rev: 5d3f3f8f9770e81bd7c2d53a1512577792ba4fa2)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
