Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-jsonpickle for openSUSE:Factory checked in at 2024-07-01 11:21:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-jsonpickle (Old) and /work/SRC/openSUSE:Factory/.python-jsonpickle.new.18349 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-jsonpickle" Mon Jul 1 11:21:44 2024 rev:18 rq:1184137 version:3.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-jsonpickle/python-jsonpickle.changes 2024-06-19 16:41:19.115512821 +0200 +++ /work/SRC/openSUSE:Factory/.python-jsonpickle.new.18349/python-jsonpickle.changes 2024-07-01 11:22:35.659916240 +0200 @@ -1,0 +2,16 @@ +Sun Jun 30 20:34:24 UTC 2024 - Dirk Müller <[email protected]> + +- update to 3.2.2: + * A bug with the incorrect (de)serialization of NoneType + objects has been fixed. (+507) + * tests/benchmark.py was updated to avoid Python 2 syntax. + (+508) + * The unpickler was updated to avoid creating temporary + functions. (+508) + * Some basic scripts have been made to analyze benchmark + results. (+511) + * Fix test suite compatibility with Numpy 2.x (+512) + * setup.cfg was updated to use license_files instead of + license_file. + +------------------------------------------------------------------- Old: ---- jsonpickle-3.2.1.tar.gz New: ---- jsonpickle-3.2.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-jsonpickle.spec ++++++ --- /var/tmp/diff_new_pack.w65CkK/_old 2024-07-01 11:22:36.263938101 +0200 +++ /var/tmp/diff_new_pack.w65CkK/_new 2024-07-01 11:22:36.267938246 +0200 @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-jsonpickle -Version: 3.2.1 +Version: 3.2.2 Release: 0 Summary: Python library for serializing any arbitrary object graph into JSON License: BSD-3-Clause ++++++ jsonpickle-3.2.1.tar.gz -> jsonpickle-3.2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/.gitignore new/jsonpickle-3.2.2/.gitignore --- old/jsonpickle-3.2.1/.gitignore 2024-04-06 12:12:12.000000000 +0200 +++ new/jsonpickle-3.2.2/.gitignore 2024-06-20 06:57:29.000000000 +0200 @@ -23,3 +23,6 @@ # Local benchmarking files for Theelx kern*.py *.lprof +benchmark-*.json +perf.csv +perf.svg diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/CHANGES.rst new/jsonpickle-3.2.2/CHANGES.rst --- old/jsonpickle-3.2.1/CHANGES.rst 2024-06-09 09:25:11.000000000 +0200 +++ new/jsonpickle-3.2.2/CHANGES.rst 2024-06-20 07:06:23.000000000 +0200 @@ -1,3 +1,13 @@ +v3.2.2 +====== + * A bug with the incorrect (de)serialization of NoneType objects has been fixed. + (+507) + * ``tests/benchmark.py`` was updated to avoid Python 2 syntax. (+508) + * The unpickler was updated to avoid creating temporary functions. (+508) + * Some basic scripts have been made to analyze benchmark results. (+511) + * Fix test suite compatibility with Numpy 2.x (+512) + * `setup.cfg` was updated to use `license_files` instead of `license_file`. + v3.2.1 ====== * The ``ignorereserved`` parameter to the private ``_restore_from_dict()`` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/PKG-INFO new/jsonpickle-3.2.2/PKG-INFO --- old/jsonpickle-3.2.1/PKG-INFO 2024-06-09 09:27:31.694953200 +0200 +++ new/jsonpickle-3.2.2/PKG-INFO 2024-06-20 07:09:03.596748000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: jsonpickle -Version: 3.2.1 +Version: 3.2.2 Summary: Python library for serializing arbitrary object graphs into JSON Home-page: https://github.com/jsonpickle/jsonpickle Author: David Aguilar diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/SECURITY.md new/jsonpickle-3.2.2/SECURITY.md --- old/jsonpickle-3.2.1/SECURITY.md 1970-01-01 01:00:00.000000000 +0100 +++ new/jsonpickle-3.2.2/SECURITY.md 2024-06-12 11:01:01.000000000 +0200 @@ -0,0 +1,55 @@ +# Security Policy + +## Security contact information + +To report a security vulnerability, please use the +[Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. + +## Reporting a vulnerability + +Even when unsure whether the bug in question is an exploitable +vulnerability, it is recommended to send the report and not to +discuss the issue anywhere else. + +Vulnerabilities are expected to be discussed _only_ via email, +and not in public, until an official release to address the +vulnerability is available. + +Examples for details to include: + +- Ideally a short description (or a script) to demonstrate an + exploit. +- The affected platforms and scenarios. +- The name and affiliation of the security researchers who are + involved in the discovery, if any. +- Whether the vulnerability has already been disclosed. +- How long an embargo would be required to be safe. + +## Supported Versions + +There are no official "Long Term Support" versions in jsonpickle. +Instead, the maintenance track (i.e. the versions based on the +most recently published feature release, also known as ".0" +version) sees occasional updates with bug fixes. + +Fixes to vulnerabilities are made for the maintenance track for +the latest feature release. The jsonpickle project makes no formal +guarantee for any older maintenance tracks to receive updates. +In practice, though, critical vulnerability fixes can be applied not +only to the most recent track, but to at least a couple more +maintenance tracks if requested by users. + +## Security + +The jsonpickle module **is not secure**. Only unpickle data you trust. + +It is possible to construct malicious pickle data which will **execute +arbitrary code during unpickling**. Never unpickle data that could have come +from an untrusted source, or that could have been tampered with. + +Consider signing data with an HMAC if you need to ensure that it has not +been tampered with. + +Safer deserialization approaches, such as reading JSON directly, +may be more appropriate if you are processing untrusted data. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/benchmarking/analyze_benchmarks.py new/jsonpickle-3.2.2/benchmarking/analyze_benchmarks.py --- old/jsonpickle-3.2.1/benchmarking/analyze_benchmarks.py 1970-01-01 01:00:00.000000000 +0100 +++ new/jsonpickle-3.2.2/benchmarking/analyze_benchmarks.py 2024-06-20 06:57:29.000000000 +0200 @@ -0,0 +1,63 @@ +import csv + +# makes math far easier +import numpy as np + + +def filter_results_by_name(results, substr): + perfs = [] + for name, perf in results.items(): + if substr in name: + perfs.append(perf) + return np.array(perfs) + + +def main(): + # using dicts seems easier at first but we'd have to eventually convert + # to a list for easy elementwise division or use an ugly loop + funcs = [] + main = [] + new = [] + + with open("perf.csv", "r") as f: + csv_reader = csv.reader(f) + # skip header row + next(csv_reader) + + # csv is sorted by name so we can assume even rows are main and odd are new + for indx, (func, median) in enumerate(csv_reader): + func = func.split("::")[-1] + # indx is even + if not (indx % 2): + funcs.append(func) + main.append(float(median)) + else: + new.append(float(median)) + + main = np.array(main) + new = np.array(new) + + relative_perfs = new / main + # more stats will be included when needed + print( + f"The new branch is {round(relative_perfs.mean(), 4)}x faster than the main branch aross all tests!" + ) + + results = {} + + for func_name, relative_perf in zip(funcs, relative_perfs): + # this allows us to categorize classes of results, such as encode vs decode + results[func_name] = relative_perf + + encode_perfs = filter_results_by_name(results, "encode") + decode_perfs = filter_results_by_name(results, "decode") + print( + f"The new branch is {round(encode_perfs.mean(), 4)}x faster than the main branch aross encode tests!" + ) + print( + f"The new branch is {round(decode_perfs.mean(), 4)}x faster than the main branch aross decode tests!" + ) + + +if __name__ == "__main__": + main() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/benchmarking/analyze_benchmarks.sh new/jsonpickle-3.2.2/benchmarking/analyze_benchmarks.sh --- old/jsonpickle-3.2.1/benchmarking/analyze_benchmarks.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/jsonpickle-3.2.2/benchmarking/analyze_benchmarks.sh 2024-06-20 06:57:29.000000000 +0200 @@ -0,0 +1,10 @@ +#!/bin/bash +DATEANDTIME=$(date +%Y-%m-%dT%T%z) +pytest --benchmark-only --benchmark-disable-gc --benchmark-json=./benchmark-new.json --benchmark-histogram=../images/benchmark-$DATEANDTIME ../jsonpickle_benchmarks.py +# assuming the user is doing work in a different branch than main +git checkout main +pytest --benchmark-only --benchmark-disable-gc --benchmark-json=./benchmark-main.json --benchmark-histogram=../images/benchmark-$DATEANDTIME ../jsonpickle_benchmarks.py +# return to previous branch +git checkout - +pytest-benchmark compare --columns=median --name=long --sort=fullname --csv=perf --histogram=perf benchmark-main.json benchmark-new.json +python3 analyze_benchmarks.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/jsonpickle/unpickler.py new/jsonpickle-3.2.2/jsonpickle/unpickler.py --- old/jsonpickle-3.2.1/jsonpickle/unpickler.py 2024-06-09 09:24:22.000000000 +0200 +++ new/jsonpickle-3.2.2/jsonpickle/unpickler.py 2024-06-20 06:57:22.000000000 +0200 @@ -208,6 +208,9 @@ return obj except (AttributeError, ImportError, ValueError): continue + # NoneType is a special case and can not be imported/created + if module_and_name == "builtins.NoneType": + return type(None) return None @@ -306,6 +309,11 @@ return tag in obj +def _passthrough(value): + """A function that returns its input as-is""" + return value + + class Unpickler(object): def __init__( self, @@ -347,14 +355,11 @@ method(obj, attr, proxy) self._proxies = [] - def _restore(self, obj): + def _restore(self, obj, _passthrough=_passthrough): # if obj isn't in these types, neither it nor nothing in it can have a tag # don't change the tuple of types to a set, it won't work with isinstance if not isinstance(obj, (str, list, dict, set, tuple)): - - def restore(x): - return x - + restore = _passthrough else: restore = self._restore_tags(obj) return restore(obj) @@ -586,7 +591,7 @@ ) return key - def _restore_key_fn(self): + def _restore_key_fn(self, _passthrough=_passthrough): """Return a callable that restores keys This function is responsible for restoring non-string keys @@ -601,10 +606,7 @@ if self.keys: restore_key = self._restore_pickled_key else: - - def restore_key(key): - return key - + restore_key = _passthrough return restore_key def _restore_from_dict( @@ -867,15 +869,11 @@ def _restore_tuple(self, obj): return tuple([self._restore(v) for v in obj[tags.TUPLE]]) - def _restore_tags(self, obj): + def _restore_tags(self, obj, _passthrough=_passthrough): """Return the restoration function for the specified object""" try: if not tags.RESERVED <= set(obj) and type(obj) not in (list, dict): - - def restore(x): - return x - - return restore + return _passthrough except TypeError: pass if type(obj) is dict: @@ -906,8 +904,5 @@ elif util.is_list(obj): restore = self._restore_list else: - - def restore(x): - return x - + restore = _passthrough return restore diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/jsonpickle.egg-info/PKG-INFO new/jsonpickle-3.2.2/jsonpickle.egg-info/PKG-INFO --- old/jsonpickle-3.2.1/jsonpickle.egg-info/PKG-INFO 2024-06-09 09:27:31.000000000 +0200 +++ new/jsonpickle-3.2.2/jsonpickle.egg-info/PKG-INFO 2024-06-20 07:09:03.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: jsonpickle -Version: 3.2.1 +Version: 3.2.2 Summary: Python library for serializing arbitrary object graphs into JSON Home-page: https://github.com/jsonpickle/jsonpickle Author: David Aguilar diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/jsonpickle.egg-info/SOURCES.txt new/jsonpickle-3.2.2/jsonpickle.egg-info/SOURCES.txt --- old/jsonpickle-3.2.1/jsonpickle.egg-info/SOURCES.txt 2024-06-09 09:27:31.000000000 +0200 +++ new/jsonpickle-3.2.2/jsonpickle.egg-info/SOURCES.txt 2024-06-20 07:09:03.000000000 +0200 @@ -8,6 +8,7 @@ LICENSE Makefile README.rst +SECURITY.md appveyor.yml azure-pipelines.yml conftest.py @@ -22,6 +23,8 @@ .github/FUNDING.yml .github/workflows/lint.yml .github/workflows/test.yml +benchmarking/analyze_benchmarks.py +benchmarking/analyze_benchmarks.sh contrib/copy-docs contrib/pyqt-reduce-handler.py docs/api.rst diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/setup.cfg new/jsonpickle-3.2.2/setup.cfg --- old/jsonpickle-3.2.1/setup.cfg 2024-06-09 09:27:31.694953200 +0200 +++ new/jsonpickle-3.2.2/setup.cfg 2024-06-20 07:09:03.596748000 +0200 @@ -1,5 +1,5 @@ [metadata] -license_file = LICENSE +license_files = LICENSE name = jsonpickle author = David Aguilar author_email = [email protected] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/tests/benchmark.py new/jsonpickle-3.2.2/tests/benchmark.py --- old/jsonpickle-3.2.1/tests/benchmark.py 2023-03-26 10:31:27.000000000 +0200 +++ new/jsonpickle-3.2.2/tests/benchmark.py 2024-06-12 11:01:01.000000000 +0200 @@ -23,7 +23,7 @@ pickled = jsonpickle.encode(doc) unpickled = jsonpickle.decode(pickled) if doc['feed']['title'] != unpickled['feed']['title']: - print 'Not a match' + print('Not a match') """ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/tests/jsonpickle_test.py new/jsonpickle-3.2.2/tests/jsonpickle_test.py --- old/jsonpickle-3.2.1/tests/jsonpickle_test.py 2024-06-09 06:39:15.000000000 +0200 +++ new/jsonpickle-3.2.2/tests/jsonpickle_test.py 2024-06-12 11:01:01.000000000 +0200 @@ -257,6 +257,12 @@ self.assertEqual(listD, self.pickler.flatten(listD)) self.assertEqual(listD, self.unpickler.restore(listD)) + def test_nonetype(self): + typ = type(None) + typ_pickled = jsonpickle.encode(typ) + typ_unpickled = jsonpickle.decode(typ_pickled) + self.assertEqual(typ, typ_unpickled) + def test_set(self): setlist = ['orange', 'apple', 'grape'] setA = set(setlist) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/tests/numpy_test.py new/jsonpickle-3.2.2/tests/numpy_test.py --- old/jsonpickle-3.2.1/tests/numpy_test.py 2024-04-11 11:22:13.000000000 +0200 +++ new/jsonpickle-3.2.2/tests/numpy_test.py 2024-06-12 11:01:01.000000000 +0200 @@ -32,9 +32,7 @@ dtypes = [ np.int_, np.int32, - np.float_, np.float64, - np.complex_, np.complex128, np.str_, np.object_, @@ -86,15 +84,14 @@ values = [ np.int_(1), np.int32(-2), - np.float_(2.5), + np.float64(2.5), np.nan, -np.inf, np.inf, np.datetime64('2014-01-01'), np.str_('foo'), - np.unicode_('bar'), np.object_({'a': 'b'}), - np.complex_(1 - 2j), + np.complex128(1 - 2j), ] for value in values: decoded = roundtrip(value) @@ -309,18 +306,22 @@ def test_byteorder(): """Test the byteorder for text and binary encodings""" # small arr is stored as text - a = np.arange(10).newbyteorder() - b = a[:].newbyteorder() - _a, _b = roundtrip([a, b]) - npt.assert_array_equal(a, _a) - npt.assert_array_equal(b, _b) + a = np.arange(10) + av = a.view(a.dtype.newbyteorder()) + b = a[:] + bv = b.view(b.dtype.newbyteorder()) + _av, _bv = roundtrip([av, bv]) + npt.assert_array_equal(av, _av) + npt.assert_array_equal(bv, _bv) # bigger arr is stored as binary - a = np.arange(100).newbyteorder() - b = a[:].newbyteorder() - _a, _b = roundtrip([a, b]) - npt.assert_array_equal(a, _a) - npt.assert_array_equal(b, _b) + a = np.arange(100) + av = a.view(a.dtype.newbyteorder()) + b = a[:] + bv = b.view(b.dtype.newbyteorder()) + _av, _bv = roundtrip([av, bv]) + npt.assert_array_equal(av, _av) + npt.assert_array_equal(bv, _bv) def test_zero_dimensional_array(): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jsonpickle-3.2.1/tests/pandas_test.py new/jsonpickle-3.2.2/tests/pandas_test.py --- old/jsonpickle-3.2.1/tests/pandas_test.py 2024-04-09 09:51:24.000000000 +0200 +++ new/jsonpickle-3.2.2/tests/pandas_test.py 2024-06-12 11:01:01.000000000 +0200 @@ -34,14 +34,13 @@ ser = pd.Series( { 'an_int': np.int_(1), - 'a_float': np.float_(2.5), + 'a_float': np.float64(2.5), 'a_nan': np.nan, 'a_minus_inf': -np.inf, 'an_inf': np.inf, 'a_str': np.str_('foo'), - 'a_unicode': np.unicode_('bar'), 'date': np.datetime64('2014-01-01'), - 'complex': np.complex_(1 - 2j), + 'complex': np.complex128(1 - 2j), # TODO: the following dtypes are not currently supported. # 'object': np.object_({'a': 'b'}), } @@ -54,14 +53,13 @@ df = pd.DataFrame( { 'an_int': np.int_([1, 2, 3]), - 'a_float': np.float_([2.5, 3.5, 4.5]), + 'a_float': np.float64([2.5, 3.5, 4.5]), 'a_nan': np.array([np.nan] * 3), 'a_minus_inf': np.array([-np.inf] * 3), 'an_inf': np.array([np.inf] * 3), 'a_str': np.str_('foo'), - 'a_unicode': np.unicode_('bar'), 'date': np.array([np.datetime64('2014-01-01')] * 3, dtype="datetime64[s]"), - 'complex': np.complex_([1 - 2j, 2 - 1.2j, 3 - 1.3j]), + 'complex': np.complex128([1 - 2j, 2 - 1.2j, 3 - 1.3j]), # TODO: the following dtypes are not currently supported. # 'object': np.object_([{'a': 'b'}]*3), } @@ -76,12 +74,11 @@ 'idx_lvl0': ['a', 'b', 'c'], 'idx_lvl1': np.int_([1, 1, 2]), 'an_int': np.int_([1, 2, 3]), - 'a_float': np.float_([2.5, 3.5, 4.5]), + 'a_float': np.float64([2.5, 3.5, 4.5]), 'a_nan': np.array([np.nan] * 3), 'a_minus_inf': np.array([-np.inf] * 3), 'an_inf': np.array([np.inf] * 3), 'a_str': np.str_('foo'), - 'a_unicode': np.unicode_('bar'), } ) df = df.set_index(['idx_lvl0', 'idx_lvl1'])
