From 04481ebc46739370f05c0230bb4b929ed1e08a9935a5f938d9c611e055ffb82e Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Wed, 27 Mar 2024 19:41:53 +0000 Subject: [PATCH] baserev update by copy to link target OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Scrapy?expand=0&rev=39 --- python-Scrapy.changes | 45 ------------------------------------------- 1 file changed, 45 deletions(-) diff --git a/python-Scrapy.changes b/python-Scrapy.changes index c5afb61..41df8b1 100644 --- a/python-Scrapy.changes +++ b/python-Scrapy.changes @@ -1,51 +1,6 @@ ------------------------------------------------------------------- Mon Mar 25 14:12:20 UTC 2024 - Dirk Müller -- update to 2.11.1 (bsc#1220514, CVE-2024-1892): - * Addressed `ReDoS vulnerabilities` (bsc#1220514, CVE-2024-1892) - - ``scrapy.utils.iterators.xmliter`` is now deprecated in favor of - :func:`~scrapy.utils.iterators.xmliter_lxml`, which - :class:`~scrapy.spiders.XMLFeedSpider` now uses. - - To minimize the impact of this change on existing code, - :func:`~scrapy.utils.iterators.xmliter_lxml` now supports indicating - the node namespace with a prefix in the node name, and big files with - highly nested trees when using libxml2 2.7+. - - - Fixed regular expressions in the implementation of the - :func:`~scrapy.utils.response.open_in_browser` function. - .. _ReDoS vulnerabilities: https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS - - * :setting:`DOWNLOAD_MAXSIZE` and :setting:`DOWNLOAD_WARNSIZE` now also apply - to the decompressed response body. Please, see the `7j7m-v7m3-jqm7 security - advisory`_ for more information. - - .. _7j7m-v7m3-jqm7 security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7 - - * Also in relation with the `7j7m-v7m3-jqm7 security advisory`_, the - deprecated ``scrapy.downloadermiddlewares.decompression`` module has been - removed. - * The ``Authorization`` header is now dropped on redirects to a different - domain. Please, see the `cw9j-q3vf-hrrv security advisory`_ for more - information. - * The OS signal handling code was refactored to no longer use private Twisted - functions. (:issue:`6024`, :issue:`6064`, :issue:`6112`) - * Improved documentation for :class:`~scrapy.crawler.Crawler` initialization - changes made in the 2.11.0 release. (:issue:`6057`, :issue:`6147`) - * Extended documentation for :attr:`Request.meta `. - * Fixed the :reqmeta:`dont_merge_cookies` documentation. (:issue:`5936`, - * Added a link to Zyte's export guides to the :ref:`feed exports - * Added a missing note about backward-incompatible changes in - :class:`~scrapy.exporters.PythonItemExporter` to the 2.11.0 release notes. - * Added a missing note about removing the deprecated - ``scrapy.utils.boto.is_botocore()`` function to the 2.8.0 release notes. - * Other documentation improvements. (:issue:`6128`, :issue:`6144`, - :issue:`6163`, :issue:`6190`, :issue:`6192`) -- drop twisted-23.8.0-compat.patch (upstream) - -------------------------------------------------------------------- -Mon Mar 25 14:12:20 UTC 2024 - Dirk Müller - - update to 2.11.1 (bsc#1220514, CVE-2024-1892, bsc#1221986): * Addressed `ReDoS vulnerabilities` (bsc#1220514, CVE-2024-1892) - ``scrapy.utils.iterators.xmliter`` is now deprecated in favor of