From 743d8ec2680ffb640d53e213d69fcbe79079df2f Mon Sep 17 00:00:00 2001 From: Peter Schutt Date: Mon, 6 May 2024 17:03:57 +1000 Subject: [PATCH] chore(release): prepare release v2.8.3 --- docs/release-notes/changelog.rst | 97 ++++++++++++++++++++++++++++++++ pyproject.toml | 2 +- tools/prepare_release.py | 6 +- 3 files changed, 101 insertions(+), 4 deletions(-) diff --git a/docs/release-notes/changelog.rst b/docs/release-notes/changelog.rst index 7f90149e45..d950d092a9 100644 --- a/docs/release-notes/changelog.rst +++ b/docs/release-notes/changelog.rst @@ -3,6 +3,103 @@ 2.x Changelog ============= +.. changelog:: 2.8.3 + :date: 2024-05-06 + + .. change:: Fix improper limitation of a pathname to a restricted directory + :type: bugfix + + Fix a path traversal vulnerability disclosed in https://github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf + + .. change:: Remove use of asserts for control flow. + :type: bugfix + :pr: 3359 + :issue: 3354 + + #3347 introduced a new pattern to differentiate between Pydantic v1 and v2 installs, however it relies on using `assert` which is an issue as can optimised away. + + This PR changes the approach to manually throw an `ImportError` instead. + + .. change:: schema for generic wrapped return types with DTO + :type: bugfix + :pr: 3371 + :issue: 2929 + + Fix schema generated for DTOs where the supported type is wrapped in a generic outer type. + + .. change:: Ambiguous default warning for no signature default + :type: bugfix + :pr: 3378 + :issue: 3372 + + We now only issue a single warning for the case where a default value is supplied via `Parameter()` and not via a regular signature default. + + .. change:: Path param consumed by dependency treated as unconsumed + :type: bugfix + :pr: 3380 + :issue: 3369 + + Consider parameters defined in handler dependencies in order to determine if a path parameter has been consumed for openapi generation purposes. + + Fixes an issue where path parameters not consumed by the handler, but consumed by dependencies would cause an `ImproperlyConfiguredException`. + + .. change:: Solve a caching issue in `CacheControlHeader` + :type: bugfix + :pr: 3383 + + Fixes an issue causing return of invalid values from cache. + + .. change:: "name" and "in" should not be included in openapi headers + :type: bugfix + :pr: 3417 + :issue: 3416 + + Exclude the "name" and "in" fields from openapi schema generated for headers. + + .. change:: top-level import of optional package + :type: bugfix + :pr: 3418 + :issue: 3415 + + Fix import from `contrib.minijinja` without handling for case where dependency is not installed. + + .. change:: regular handler under mounted app + :type: bugfix + :pr: 3430 + :issue: 3429 + + Fix an issue where a regular handler under a mounted asgi app would prevent a request from routing through the + mounted application if the request path contained the path of the regular handler as a substring. + + .. change:: logging to file with structlog + :type: bugfix + :pr: 3425 + + PR fixes issue with converting `StructLoggingConfig` to dict during call to `configure()` when the config object + has a custom logger factory that references a `TextIO` object, which cannot be pickled. + + .. change:: clear session cookie if new session gt CHUNK_SIZE + :type: bugfix + :pr: 3446 + :issue: 3441 + + Fix an issue where the connection session cookie is not cleared if the response session is stored across + multiple cookies. + + .. change:: flash messages were not displayed on Redirect + :type: bugfix + :pr: 3420 + :issue: 3325 + + Fixes issue where flash messages were not displayed on redirect. + + .. change:: Validation of optional sequence in multipart data with one value + :type: bugfix + :pr: 3408 + :issue: 3407 + + A `Sequence[UploadFile] | None` would not pass validation when a single value was provided for a structured type, e.g. dataclass. + .. changelog:: 2.8.2 :date: 2024-04-09 diff --git a/pyproject.toml b/pyproject.toml index 0de84e3d07..3ad5a95b5b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -60,7 +60,7 @@ maintainers = [ name = "litestar" readme = "README.md" requires-python = ">=3.8,<4.0" -version = "2.8.2" +version = "2.8.3" [project.urls] Blog = "https://blog.litestar.dev" diff --git a/tools/prepare_release.py b/tools/prepare_release.py index 19ca644be7..7192eadee7 100644 --- a/tools/prepare_release.py +++ b/tools/prepare_release.py @@ -78,8 +78,8 @@ def _pr_number_from_commit(comp: Comp) -> int: message_head = comp.commit.message.split("\n\n")[0] match = re.search(r"\(#(\d+)\)$", message_head) if not match: - raise ValueError(f"Could not find PR number for commit {message_head!r}") - return int(match[1]) + print(f"Could not find PR number in {message_head}") # noqa: T201 + return int(match[1]) if match else None class _Thing: @@ -152,7 +152,7 @@ async def get_prs(self) -> dict[str, list[PRInfo]]: res = await self._api_client.get(f"/compare/{self._base}...{self._release_branch}") res.raise_for_status() compares = msgspec.convert(res.json()["commits"], list[Comp]) - pr_numbers = [_pr_number_from_commit(c) for c in compares] + pr_numbers = list(filter(None, (_pr_number_from_commit(c) for c in compares))) pulls = await asyncio.gather(*map(self._get_pr_info_for_pr, pr_numbers)) prs = defaultdict(list)