Title: Bump filelock from 3.9.0 to 3.20.3 by dependabot[bot] · Pull Request #73 · macadmins/python · GitHub
Open Graph Title: Bump filelock from 3.9.0 to 3.20.3 by dependabot[bot] · Pull Request #73 · macadmins/python
X Title: Bump filelock from 3.9.0 to 3.20.3 by dependabot[bot] · Pull Request #73 · macadmins/python
Description: Bumps filelock from 3.9.0 to 3.20.3.
Release notes
Sourced from filelock's releases.
3.20.3
What's Changed
Fix TOCTOU symlink vulnerability in SoftFileLock by @gaborbernat in tox-dev/filelock#465
Full Changelog: tox-dev/filelock@3.20.2...3.20.3
3.20.2
What's Changed
Support Unix systems without O_NOFOLLOW by @mwilliamson in tox-dev/filelock#463
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in tox-dev/filelock#464
New Contributors
@mwilliamson made their first contribution in tox-dev/filelock#463
Full Changelog: tox-dev/filelock@3.20.1...3.20.2
3.20.1
What's Changed
CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by @gaborbernat in tox-dev/filelock#461
Full Changelog: tox-dev/filelock@3.20.0...3.20.1
3.20.0
What's Changed
Add tox.toml to sdist by @mtelka in tox-dev/filelock#436
Update docs with example by @znichollscr in tox-dev/filelock#438
Add 3.14 support and drop 3.9 by @gaborbernat in tox-dev/filelock#448
New Contributors
@mtelka made their first contribution in tox-dev/filelock#436
@znichollscr made their first contribution in tox-dev/filelock#438
Full Changelog: tox-dev/filelock@3.19.1...3.20.0
3.19.1
What's Changed
add 3.14t (free threading) to matrix by @paultiq in tox-dev/filelock#433
Increase test coverage by @paultiq in tox-dev/filelock#434
... (truncated)
Changelog
Sourced from filelock's changelog.
Changelog
v3.12.0 (2023-04-18)
Make the thread local behavior something the caller can enable/disable via a flag during the lock creation, it's on
by default.
Better error handling on Windows.
v3.11.0 (2023-04-06)
Make the lock thread local.
v3.10.7 (2023-03-27)
Use fchmod instead of chmod to work around bug in PyPy via Anaconda.
v3.10.6 (2023-03-25)
Enhance the robustness of the try/catch block in _soft.py. by :user:jahrules.
v3.10.5 (2023-03-25)
Add explicit error check as certain UNIX filesystems do not support flock. by :user:jahrules.
v3.10.4 (2023-03-24)
Update os.open to preserve mode= for certain edge cases. by :user:jahrules.
v3.10.3 (2023-03-23)
Fix permission issue - by :user:jahrules.
v3.10.2 (2023-03-22)
Bug fix for using filelock with threaded programs causing undesired file permissions - by :user:jahrules.
v3.10.1 (2023-03-22)
Handle pickle for :class:filelock.Timeout :pr:203 - by :user:TheMatt2.
v3.10.0 (2023-03-15)
Add support for explicit file modes for lockfiles :pr:192 - by :user:jahrules.
v3.9.1 (2023-03-14)
Use time.perf_counter instead of time.monotonic for calculating timeouts.
Commits
41b42dd Fix TOCTOU symlink vulnerability in SoftFileLock (#465)
f2e7d40 [pre-commit.ci] pre-commit autoupdate (#464)
5088854 Support Unix systems without O_NOFOLLOW (#463)
377f622 [pre-commit.ci] pre-commit autoupdate (#460)
4724d7f Fix TOCTOU symlink vulnerability in lock file creation (#461)
cb69414 Bump actions/upload-artifact from 5 to 6 (#459)
0769294 Bump actions/download-artifact from 6 to 7 (#458)
414193a [pre-commit.ci] pre-commit autoupdate (#457)
1456797 [pre-commit.ci] pre-commit autoupdate (#456)
8d6bf90 Bump actions/checkout from 5 to 6 (#455)
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Open Graph Description: Bumps filelock from 3.9.0 to 3.20.3. Release notes Sourced from filelock's releases. 3.20.3 What's Changed Fix TOCTOU symlink vulnerability in SoftFileLock by @gaborbernat in tox-dev/f...
X Description: Bumps filelock from 3.9.0 to 3.20.3. Release notes Sourced from filelock's releases. 3.20.3 What's Changed Fix TOCTOU symlink vulnerability in SoftFileLock by @gaborbernat in t...
Opengraph URL: https://github.com/macadmins/python/pull/73
X: @github
Domain: patch-diff.githubusercontent.com
| route-pattern | /:user_id/:repository/pull/:id/checks(.:format) |
| route-controller | pull_requests |
| route-action | checks |
| fetch-nonce | v2:3ac26127-33b9-b5c8-7017-8493e9c7c734 |
| current-catalog-service-hash | 87dc3bc62d9b466312751bfd5f889726f4f1337bdff4e8be7da7c93d6c00a25a |
| request-id | D9DC:4D8F0:1DDD1A5:29DCC36:69823317 |
| html-safe-nonce | 1de1ef1a7b3ba2f4df0a7dd6de6f4583dc1daf11a44150661a9a316c5383e21c |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEOURDOjREOEYwOjFEREQxQTU6MjlEQ0MzNjo2OTgyMzMxNyIsInZpc2l0b3JfaWQiOiI0NzYzMDU3MDE4NjQ5MDY0MjE1IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 268fdd37bc7bfb6561e6a8060e20b085bad54eb0a7392c3db2dc3d1e0ea0b920 |
| hovercard-subject-tag | pull_request:3171213041 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,checks,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/macadmins/python/pull/73/checks |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps filelock from 3.9.0 to 3.20.3. Release notes Sourced from filelock's releases. 3.20.3 What's Changed Fix TOCTOU symlink vulnerability in SoftFileLock by @gaborbernat in tox-dev/f... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 9200c22eadc77fb46da7f3065c3f5dbd68119fe90366eb8f2cba5dcd703a9791 |
| turbo-cache-control | no-cache |
| go-import | github.com/macadmins/python git https://github.com/macadmins/python.git |
| octolytics-dimension-user_id | 8491458 |
| octolytics-dimension-user_login | macadmins |
| octolytics-dimension-repository_id | 271851706 |
| octolytics-dimension-repository_nwo | macadmins/python |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 271851706 |
| octolytics-dimension-repository_network_root_nwo | macadmins/python |
| turbo-body-classes | logged-out env-production page-responsive full-width full-width-p-0 |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | e610a56e0569bf596eb9af47b60c456c2b4a965e |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width