Title: Bump filelock from 3.9.0 to 3.20.3 by dependabot[bot] · Pull Request #73 · macadmins/python · GitHub
Description: Bumps filelock from 3.9.0 to 3.20.3.
Release notes
Sourced from filelock's releases.
3.20.3
What's Changed
Fix TOCTOU symlink vulnerability in SoftFileLock by @gaborbernat in tox-dev/filelock#465
Full Changelog: tox-dev/filelock@3.20.2...3.20.3
3.20.2
What's Changed
Support Unix systems without O_NOFOLLOW by @mwilliamson in tox-dev/filelock#463
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in tox-dev/filelock#464
New Contributors
@mwilliamson made their first contribution in tox-dev/filelock#463
Full Changelog: tox-dev/filelock@3.20.1...3.20.2
3.20.1
What's Changed
CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by @gaborbernat in tox-dev/filelock#461
Full Changelog: tox-dev/filelock@3.20.0...3.20.1
3.20.0
What's Changed
Add tox.toml to sdist by @mtelka in tox-dev/filelock#436
Update docs with example by @znichollscr in tox-dev/filelock#438
Add 3.14 support and drop 3.9 by @gaborbernat in tox-dev/filelock#448
New Contributors
@mtelka made their first contribution in tox-dev/filelock#436
@znichollscr made their first contribution in tox-dev/filelock#438
Full Changelog: tox-dev/filelock@3.19.1...3.20.0
3.19.1
What's Changed
add 3.14t (free threading) to matrix by @paultiq in tox-dev/filelock#433
Increase test coverage by @paultiq in tox-dev/filelock#434
... (truncated)
Changelog
Sourced from filelock's changelog.
Changelog
v3.12.0 (2023-04-18)
Make the thread local behavior something the caller can enable/disable via a flag during the lock creation, it's on
by default.
Better error handling on Windows.
v3.11.0 (2023-04-06)
Make the lock thread local.
v3.10.7 (2023-03-27)
Use fchmod instead of chmod to work around bug in PyPy via Anaconda.
v3.10.6 (2023-03-25)
Enhance the robustness of the try/catch block in _soft.py. by :user:jahrules.
v3.10.5 (2023-03-25)
Add explicit error check as certain UNIX filesystems do not support flock. by :user:jahrules.
v3.10.4 (2023-03-24)
Update os.open to preserve mode= for certain edge cases. by :user:jahrules.
v3.10.3 (2023-03-23)
Fix permission issue - by :user:jahrules.
v3.10.2 (2023-03-22)
Bug fix for using filelock with threaded programs causing undesired file permissions - by :user:jahrules.
v3.10.1 (2023-03-22)
Handle pickle for :class:filelock.Timeout :pr:203 - by :user:TheMatt2.
v3.10.0 (2023-03-15)
Add support for explicit file modes for lockfiles :pr:192 - by :user:jahrules.
v3.9.1 (2023-03-14)
Use time.perf_counter instead of time.monotonic for calculating timeouts.
Commits
41b42dd Fix TOCTOU symlink vulnerability in SoftFileLock (#465)
f2e7d40 [pre-commit.ci] pre-commit autoupdate (#464)
5088854 Support Unix systems without O_NOFOLLOW (#463)
377f622 [pre-commit.ci] pre-commit autoupdate (#460)
4724d7f Fix TOCTOU symlink vulnerability in lock file creation (#461)
cb69414 Bump actions/upload-artifact from 5 to 6 (#459)
0769294 Bump actions/download-artifact from 6 to 7 (#458)
414193a [pre-commit.ci] pre-commit autoupdate (#457)
1456797 [pre-commit.ci] pre-commit autoupdate (#456)
8d6bf90 Bump actions/checkout from 5 to 6 (#455)
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Opengraph URL: https://github.com/macadmins/python/pull/73