pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/py-scrapy
Module Name: pkgsrc
Committed By: adam
Date: Thu Dec 4 16:03:50 UTC 2025
Modified Files:
pkgsrc/www/py-scrapy: Makefile distinfo
Log Message:
py-scrapy: updated to 2.13.4
Scrapy 2.13.4 (2025-11-17)
Security bug fixes
- Improved protection against decompression bombs in
:class:`~scrapy.downloadermiddlewares.httpcompression.HttpCompressionMiddleware`
for responses compressed using the ``br`` and ``deflate`` methods: if a
single compressed chunk would be larger than the response size limit (see
:setting:`DOWNLOAD_MAXSIZE`) when decompressed, decompression is no longer
carried out. This is especially important for the ``br`` (Brotli) method
that can provide a very high compression ratio. Please, see the
`CVE-2025-6176`_ and `GHSA-2qfp-q593-8484`_ security advisories for more
information.
(:issue:`7134`)
.. _CVE-2025-6176: https://nvd.nist.gov/vuln/detail/CVE-2025-6176
.. _GHSA-2qfp-q593-8484: https://github.com/advisories/GHSA-2qfp-q593-8484
Modified requirements
- The minimum supported version of the optional ``brotli`` package is now
``1.2.0``.
(:issue:`7134`)
- The ``brotlicffi`` and ``brotlipy`` packages can no longer be used to
decompress Brotli-compressed responses. Please install the ``brotli``
package instead.
(:issue:`7134`)
Other changes
- Restricted the maximum supported Twisted version to ``25.5.0``, as Scrapy
currently uses some private APIs changed in later Twisted versions.
(:issue:`7142`)
- Stopped setting the ``COVERAGE_CORE`` environment variable in tests, it
didn't have an effect but caused the ``coverage`` module to produce a
warning or an error.
(:issue:`7137`)
- Removed the documentation build dependency on the deprecated
``sphinx-hoverxref`` module.
(:issue:`6786`, :issue:`6922`)
To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/py-scrapy/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/py-scrapy/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/py-scrapy/Makefile
diff -u pkgsrc/www/py-scrapy/Makefile:1.32 pkgsrc/www/py-scrapy/Makefile:1.33
--- pkgsrc/www/py-scrapy/Makefile:1.32 Thu Oct 9 07:58:12 2025
+++ pkgsrc/www/py-scrapy/Makefile Thu Dec 4 16:03:50 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.32 2025/10/09 07:58:12 wiz Exp $
+# $NetBSD: Makefile,v 1.33 2025/12/04 16:03:50 adam Exp $
-DISTNAME= scrapy-2.13.3
+DISTNAME= scrapy-2.13.4
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= www python
MASTER_SITES= ${MASTER_SITE_PYPI:=S/Scrapy/}
Index: pkgsrc/www/py-scrapy/distinfo
diff -u pkgsrc/www/py-scrapy/distinfo:1.22 pkgsrc/www/py-scrapy/distinfo:1.23
--- pkgsrc/www/py-scrapy/distinfo:1.22 Thu Jul 3 04:42:11 2025
+++ pkgsrc/www/py-scrapy/distinfo Thu Dec 4 16:03:50 2025
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.22 2025/07/03 04:42:11 adam Exp $
+$NetBSD: distinfo,v 1.23 2025/12/04 16:03:50 adam Exp $
-BLAKE2s (scrapy-2.13.3.tar.gz) = be8b53372bd3b48f5228db053845abe2c89c910cc71925e7c4a80c1345b7474a
-SHA512 (scrapy-2.13.3.tar.gz) = ab3f707d44376b69fa09fb775f72abf5a69a3ff80668eb0b3cdc5feb2748c46092dc21f7e2f819c85930227aab02ab905c04c64fcda96ab380a1fe9b0afd8cfc
-Size (scrapy-2.13.3.tar.gz) = 1220051 bytes
+BLAKE2s (scrapy-2.13.4.tar.gz) = 2df45d1ae979942ba6e7a487e7c4ba4b13e44ca9908a38028aeeef06ea58dc56
+SHA512 (scrapy-2.13.4.tar.gz) = 87149c63e3533dbf5b1f049d191f481f2aca679ed5b5706a0d6a1d9ba613723008b989b903cb9ff9ae592df0aea64c5ce101bdcc4328f7ef5c908b065a813c54
+Size (scrapy-2.13.4.tar.gz) = 1220580 bytes
Home |
Main Index |
Thread Index |
Old Index