Bump loguru from 0.5.3 to 0.6.0 #94

dependabot · 2022-01-31T20:13:52Z

Bumps loguru from 0.5.3 to 0.6.0.

Release notes

0.6.0

Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 (#563).

Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).

Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.

Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() (#339).

Prevent non-ascii characters to be escaped while logging JSON message with serialize=True (#575, thanks @ponponon).

Fix flake8 errors and improve code readability (#353, thanks @AndrewYakimets).

Changelog

Sourced from loguru's changelog.

0.6.0_ (2022-01-29)

Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 <https://nvd.nist.gov/vuln/detail/CVE-2022-0329>_ ([#563](https://github.com/Delgan/loguru/issues/563) <https://github.com/Delgan/loguru/issues/563>_).

Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).

Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.

Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() ([#339](https://github.com/Delgan/loguru/issues/339) <https://github.com/Delgan/loguru/issues/339>_).

Prevent non-ascii characters to be escaped while logging JSON message with serialize=True ([#575](https://github.com/Delgan/loguru/issues/575) <https://github.com/Delgan/loguru/pull/575>, thanks @ponponon <https://github.com/ponponon>).

Fix flake8 errors and improve code readability ([#353](https://github.com/Delgan/loguru/issues/353) <https://github.com/Delgan/loguru/issues/353>, thanks @AndrewYakimets <https://github.com/AndrewYakimets>).

Commits

f40fa31 Bump version to 0.6.0
6a19cb1 Update CHANGELOG.md to reference CVE-2022-0329 vulnerability fix
bc1dab4 Add docs about possible log injection attack
ea39375 Document several security considerations and best practices
1eeea19 Change default file sink encoding to be "utf8" (#339)
b02ef7a Prevent non-ascii characters to be escaped while logging JSON (#575)
d38ced7 Modify behavior of coroutine sink when no running event loop
ca6dcd0 Fix warnings generated by 'test_exceptions_catch.py' unit tests
2270d2b Fix warning generated by "test_add_option_enqueue.py" unit tests
4b0070a Remove use of "pickle.loads()" to comply with security tools (#563)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [loguru](https://github.com/Delgan/loguru) from 0.5.3 to 0.6.0. - [Release notes](https://github.com/Delgan/loguru/releases) - [Changelog](https://github.com/Delgan/loguru/blob/master/CHANGELOG.rst) - [Commits](Delgan/loguru@0.5.3...0.6.0) --- updated-dependencies: - dependency-name: loguru dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2023-04-10T21:03:20Z

Superseded by #151.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 31, 2022

dependabot bot force-pushed the dependabot/pip/loguru-0.6.0 branch 2 times, most recently from b8529ca to 1104803 Compare April 2, 2022 12:09

dependabot bot force-pushed the dependabot/pip/loguru-0.6.0 branch from 1104803 to eb973fe Compare May 12, 2022 15:11

dependabot bot closed this Apr 10, 2023

dependabot bot deleted the dependabot/pip/loguru-0.6.0 branch April 10, 2023 21:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump loguru from 0.5.3 to 0.6.0 #94

Bump loguru from 0.5.3 to 0.6.0 #94

dependabot bot commented on behalf of github Jan 31, 2022 •

edited

Loading

dependabot bot commented on behalf of github Apr 10, 2023

Bump loguru from 0.5.3 to 0.6.0 #94

Bump loguru from 0.5.3 to 0.6.0 #94

Conversation

dependabot bot commented on behalf of github Jan 31, 2022 • edited Loading

0.6.0

0.6.0_ (2022-01-29)

dependabot bot commented on behalf of github Apr 10, 2023

dependabot bot commented on behalf of github Jan 31, 2022 •

edited

Loading

`0.6.0`_ (2022-01-29)