{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":64954794,"defaultBranch":"master","name":"release-tool","ownerLogin":"sequentech","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-08-04T17:38:21.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/86040603?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726012659.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"e5d14ce6ac1ca9d4742e09077f9f4ae1047a6b93","ref":"refs/heads/10.5.x","pushedAt":"2024-09-10T23:57:37.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Findeton","name":"Félix Robles","path":"/Findeton","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3913223?s=80&v=4"},"commit":{"message":"Security dependencies update (#50)\n\nParent issue: sequentech/meta#567\r\n\r\nDependabot tickets:\r\n- https://github.com/sequentech/release-tool/security/dependabot/20\r\n- https://github.com/sequentech/release-tool/security/dependabot/21","shortMessageHtmlLink":"Security dependencies update (#50)"}},{"before":"fd30b67e21e8975b4922ccac355fbbd4d53bd5cf","after":null,"ref":"refs/heads/dependabot/pip/idna-3.7","pushedAt":"2024-04-26T15:41:09.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"edulix","name":"Eduardo Robles","path":"/edulix","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/81968?s=80&v=4"}},{"before":"0e3876bbfc8d41b9f2fa4e4f23fad5c1b8c2123e","after":"24939cc67df694aa76ae6cd63ce78d1787fcb4cb","ref":"refs/heads/master","pushedAt":"2024-04-26T15:41:08.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"edulix","name":"Eduardo Robles","path":"/edulix","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/81968?s=80&v=4"},"commit":{"message":"Bump idna from 3.3 to 3.7 (#54)\n\nParent issue: https://github.com/sequentech/meta/issues/810\r\nBumps [idna](https://github.com/kjd/idna) from 3.3 to 3.7.\r\n Sourced from idna's\r\nreleases. Thanks to Guido Vranken for reporting the issue. Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7 Sourced from idna's\r\nchangelog. 3.7 (2024-04-11)\r\n++++++++++++++++ Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25)\r\n++++++++++++++++ 3.5 (2023-11-24)\r\n++++++++++++++++ Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for\r\ncontributions\r\nto this release. 3.4 (2022-09-14)\r\n++++++++++++++++ Thanks to Seth Michael Larson for contributions to this release. Sourced from aiohttp's\r\nreleases. The asynchronous internals now set the underlying causes\r\nwhen assigning exceptions to the future objects\r\n-- by :user: Related issues and pull requests on GitHub:\r\n#8089. Treated values of Related issues and pull requests on GitHub:\r\n#8104. Improved the DNS resolution performance on cache hit -- by\r\n:user: This is achieved by avoiding an :mod: Related issues and pull requests on GitHub:\r\n#8163. Changed the type annotations to allow Related issues and pull requests on GitHub:\r\n#7741. Ensure websocket transport is closed when client does not close it\r\n-- by :user: The transport could remain open if the client did not close it. This\r\nchange ensures the transport is closed when the client does not close\r\nit. ... (truncated) Sourced from aiohttp's\r\nchangelog. The asynchronous internals now set the underlying causes\r\nwhen assigning exceptions to the future objects\r\n-- by :user: Related issues and pull requests on GitHub:\r\n:issue: Treated values of Related issues and pull requests on GitHub:\r\n:issue: Improved the DNS resolution performance on cache hit -- by\r\n:user: This is achieved by avoiding an :mod: Related issues and pull requests on GitHub:\r\n:issue: Changed the type annotations to allow Related issues and pull requests on GitHub:\r\n:issue: Ensure websocket transport is closed when client does not close it\r\n-- by :user: The transport could remain open if the client did not close it. This\r\nchange ensures the transport is closed when the client does not close\r\nit. ... (truncated) Sourced from cryptography's\r\nchangelog. 42.0.4 - 2024-02-20 .. _v42-0-3: 42.0.3 - 2024-02-15\r\nRelease notes
\r\n\r\n
\r\nv3.7
\r\nWhat's Changed
\r\n\r\n
\r\nChangelog
\r\n\r\n
\r\n\r\n
\r\n\r\n
\r\n\r\n
\r\n\r\n
\r\nCommits
\r\n\r\n
\r\n1d365e1
\r\nRelease v3.7c1b3154
\r\nMerge pull request #172 from\r\nkjd/optimize-contextj0394ec7
\r\nMerge branch 'master' into optimize-contextjcd58a23
\r\nMerge pull request #152 from\r\nelliotwutingfeng/dev5beb28b
\r\nMore efficient resolution of joiner contexts1b12148
\r\nUpdate ossf/scorecard-action to v2.3.1d516b87
\r\nUpdate Github actions/checkout to v4c095c75
\r\nMerge branch 'master' into dev60a0a4c
\r\nFix typo in GitHub Actions workflow key5918a0e
\r\nMerge branch 'master' into dev
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=3.3&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Release notes
\r\n\r\n
\r\n3.9.4
\r\nBug fixes
\r\n\r\n
\r\n\r\nwebknjaz
.Accept-Encoding
header as\r\ncase-insensitive when checking\r\nfor gzip files -- by :user:steverep
.bdraco
.asyncio
task\r\ncreation in this case.dict
on\r\n:meth:aiohttp.MultipartWriter.append
,\r\n:meth:aiohttp.MultipartWriter.append_json
and\r\n:meth:aiohttp.MultipartWriter.append_form
-- by\r\n:user:cakemanny
bdraco
.Changelog
\r\n\r\n
\r\n3.9.4 (2024-04-11)
\r\nBug fixes
\r\n\r\n
\r\n\r\nwebknjaz
.8089
.Accept-Encoding
header as\r\ncase-insensitive when checking\r\nfor gzip files -- by :user:steverep
.8104
.bdraco
.asyncio
task\r\ncreation in this case.8163
.dict
on\r\n:meth:aiohttp.MultipartWriter.append
,\r\n:meth:aiohttp.MultipartWriter.append_json
and\r\n:meth:aiohttp.MultipartWriter.append_form
-- by\r\n:user:cakemanny
7741
.bdraco
.Commits
\r\n\r\n
\r\nb3397c7
\r\nRelease v3.9.4 (#8201)a7e240a
\r\n[PR #8320/9ba9a4e5\r\nbackport][3.9] Fix Python parser to mark responses without...2833552
\r\nEscape filenames and paths in HTML when generating index pages (#8317)\r\n(#8319)ed43040
\r\n[PR #8309/c29945a1\r\nbackport][3.9] Improve reliability of run_app test (#8315)ec2be05
\r\n[PR #8299/28d026eb\r\nbackport][3.9] Create marker for internal tests (#8307)292d961
\r\n[PR #8304/88c80c14\r\nbackport][3.9] Check for backports in CI (#8305)cebe526
\r\nFix handling of multipart/form-data (#8280)\r\n(#8302)270ae9c
\r\n[PR #8297/d15f07cf\r\nbackport][3.9] Upgrade to llhttp 9.2.1 (#8292)\r\n(#8298)bb23105
\r\n[PR #8283/54e13b0a\r\nbackport][3.9] Fix blocking I/O in the event loop while pr...3f79241
\r\n[PR #8286/28f1fd88\r\nbackport][3.9] docs: remove repetitive word in comment (#8...
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.9.2&new-version=3.9.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Changelog
\r\n\r\n
\r\n* Fixed a null-pointer-dereference and segfault that could occur when\r\ncreating\r\na PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the\r\n issue. **CVE-2024-26130**\r\n* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields\r\n``SMIMECapabilities``\r\nand ``SignatureAlgorithmIdentifier`` should now be correctly encoded\r\naccording to the\r\n definitions in :rfc:`2633` :rfc:`3370`.\r\n
.. _v42-0-2:
\r\n\r\n\r\nfe18470
\r\nBump for 42.0.4 release (#10445)aaa2dd0
\r\nFix ASN.1 issues in PKCS#7 and S/MIME signing (#10373)\r\n(#10442)7a4d012
\r\nFixes #10422\r\n-- don't crash when a PKCS#12 key and cert don't match (#10423)\r\n...df314bb
\r\nbackport actions m1 switch to 42.0.x (#10415)c49a7a5
\r\nchangelog and version bump for 42.0.3 (#10396)396bcf6
\r\nfix provider loading take two (#10390)\r\n(#10395)0e0e46f
\r\nbackport: initialize openssl's legacy provider in rust (#10323)\r\n(#10333)