Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-jaraco.context for
openSUSE:Factory checked in at 2026-01-21 14:12:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-jaraco.context (Old)
and /work/SRC/openSUSE:Factory/.python-jaraco.context.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-jaraco.context"
Wed Jan 21 14:12:02 2026 rev:11 rq:1328242 version:6.1.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-jaraco.context/python-jaraco.context.changes
2025-09-30 17:35:36.108148087 +0200
+++
/work/SRC/openSUSE:Factory/.python-jaraco.context.new.1928/python-jaraco.context.changes
2026-01-21 14:12:13.934020544 +0100
@@ -1,0 +2,7 @@
+Tue Jan 20 09:52:54 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 6.1.0 (fixes CVE-2026-23949, bsc#1256954)
+ * In tarfile.context, ensure that the default filter honors the data filter
+ to avoid path traversal vulnerabilities.
+
+-------------------------------------------------------------------
Old:
----
jaraco_context-6.0.1.tar.gz
New:
----
jaraco_context-6.1.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-jaraco.context.spec ++++++
--- /var/tmp/diff_new_pack.e2MUl0/_old 2026-01-21 14:12:14.930062011 +0100
+++ /var/tmp/diff_new_pack.e2MUl0/_new 2026-01-21 14:12:14.934062178 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-jaraco.context
#
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-jaraco.context
-Version: 6.0.1
+Version: 6.1.0
Release: 0
Summary: Tools to work with functools
License: MIT
++++++ jaraco_context-6.0.1.tar.gz -> jaraco_context-6.1.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/.coveragerc
new/jaraco_context-6.1.0/.coveragerc
--- old/jaraco_context-6.0.1/.coveragerc 2024-08-20 05:39:01.000000000
+0200
+++ new/jaraco_context-6.1.0/.coveragerc 2026-01-13 03:53:29.000000000
+0100
@@ -8,6 +8,8 @@
[report]
show_missing = True
exclude_also =
- # jaraco/skeleton#97
- @overload
+ # Exclude common false positives per
+ #
https://coverage.readthedocs.io/en/latest/excluding.html#advanced-exclusion
+ # Ref jaraco/skeleton#97 and jaraco/skeleton#135
+ class .*\bProtocol\):
if TYPE_CHECKING:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/.github/dependabot.yml
new/jaraco_context-6.1.0/.github/dependabot.yml
--- old/jaraco_context-6.0.1/.github/dependabot.yml 2024-08-20
05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/.github/dependabot.yml 1970-01-01
01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: "pip"
- directory: "/"
- schedule:
- interval: "daily"
- allow:
- - dependency-type: "all"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/.github/workflows/main.yml
new/jaraco_context-6.1.0/.github/workflows/main.yml
--- old/jaraco_context-6.0.1/.github/workflows/main.yml 2024-08-20
05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/.github/workflows/main.yml 2026-01-13
03:53:29.000000000 +0100
@@ -10,6 +10,7 @@
# required if branches-ignore is supplied (jaraco/skeleton#103)
- '**'
pull_request:
+ workflow_dispatch:
permissions:
contents: read
@@ -20,7 +21,6 @@
# Suppress noisy pip warnings
PIP_DISABLE_PIP_VERSION_CHECK: 'true'
- PIP_NO_PYTHON_VERSION_WARNING: 'true'
PIP_NO_WARN_SCRIPT_LOCATION: 'true'
# Ensure tests can sense settings about the environment
@@ -34,27 +34,36 @@
# https://blog.jaraco.com/efficient-use-of-ci-resources/
matrix:
python:
- - "3.8"
- - "3.12"
+ - "3.9"
+ - "3.13"
platform:
- ubuntu-latest
- macos-latest
- windows-latest
include:
- - python: "3.9"
- platform: ubuntu-latest
- python: "3.10"
platform: ubuntu-latest
- python: "3.11"
platform: ubuntu-latest
+ - python: "3.12"
+ platform: ubuntu-latest
+ - python: "3.14"
+ platform: ubuntu-latest
- python: pypy3.10
platform: ubuntu-latest
runs-on: ${{ matrix.platform }}
- continue-on-error: ${{ matrix.python == '3.13' }}
+ continue-on-error: ${{ matrix.python == '3.14' }}
steps:
- uses: actions/checkout@v4
+ - name: Install build dependencies
+ # Install dependencies for building packages on pre-release Pythons
+ # jaraco/skeleton#161
+ if: matrix.python == '3.14' && matrix.platform == 'ubuntu-latest'
+ run: |
+ sudo apt update
+ sudo apt install -y libxml2-dev libxslt-dev
- name: Setup Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python }}
allow-prereleases: true
@@ -76,7 +85,7 @@
with:
fetch-depth: 0
- name: Setup Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install tox
@@ -110,7 +119,7 @@
steps:
- uses: actions/checkout@v4
- name: Setup Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install tox
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/.pre-commit-config.yaml
new/jaraco_context-6.1.0/.pre-commit-config.yaml
--- old/jaraco_context-6.0.1/.pre-commit-config.yaml 2024-08-20
05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/.pre-commit-config.yaml 2026-01-13
03:53:29.000000000 +0100
@@ -1,6 +1,7 @@
repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
- rev: v0.1.8
+ rev: v0.12.0
hooks:
- id: ruff
+ args: [--fix, --unsafe-fixes]
- id: ruff-format
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/.readthedocs.yaml
new/jaraco_context-6.1.0/.readthedocs.yaml
--- old/jaraco_context-6.0.1/.readthedocs.yaml 2024-08-20 05:39:01.000000000
+0200
+++ new/jaraco_context-6.1.0/.readthedocs.yaml 2026-01-13 03:53:29.000000000
+0100
@@ -5,6 +5,9 @@
extra_requirements:
- doc
+sphinx:
+ configuration: docs/conf.py
+
# required boilerplate readthedocs/readthedocs.org#10401
build:
os: ubuntu-lts-latest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/LICENSE
new/jaraco_context-6.1.0/LICENSE
--- old/jaraco_context-6.0.1/LICENSE 2024-08-20 05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/LICENSE 2026-01-13 03:53:49.000000000 +0100
@@ -1,17 +1,18 @@
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to
-deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-sell copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+MIT License
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+Copyright (c) 2026 <copyright holders>
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-IN THE SOFTWARE.
+Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and
+associated documentation files (the "Software"), to deal in the Software
without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all
copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/NEWS.rst
new/jaraco_context-6.1.0/NEWS.rst
--- old/jaraco_context-6.0.1/NEWS.rst 2024-08-20 05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/NEWS.rst 2026-01-13 03:53:29.000000000 +0100
@@ -1,3 +1,18 @@
+v6.1.0
+======
+
+Features
+--------
+
+- In tarfile.context, ensure that the default filter honors the data filter to
avoid path traversal vulnerabilities.
+
+
+v6.0.2
+======
+
+No significant changes.
+
+
v6.0.1
======
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/PKG-INFO
new/jaraco_context-6.1.0/PKG-INFO
--- old/jaraco_context-6.0.1/PKG-INFO 2024-08-20 05:39:22.732852700 +0200
+++ new/jaraco_context-6.1.0/PKG-INFO 2026-01-13 03:53:49.933753500 +0100
@@ -1,25 +1,21 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
Name: jaraco.context
-Version: 6.0.1
+Version: 6.1.0
Summary: Useful decorators and context managers
Author-email: "Jason R. Coombs" <[email protected]>
+License-Expression: MIT
Project-URL: Source, https://github.com/jaraco/jaraco.context
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
-Requires-Python: >=3.8
+Requires-Python: >=3.9
Description-Content-Type: text/x-rst
License-File: LICENSE
Requires-Dist: backports.tarfile; python_version < "3.12"
Provides-Extra: test
Requires-Dist: pytest!=8.1.*,>=6; extra == "test"
-Requires-Dist: pytest-checkdocs>=2.4; extra == "test"
-Requires-Dist: pytest-cov; extra == "test"
-Requires-Dist: pytest-mypy; extra == "test"
-Requires-Dist: pytest-enabler>=2.2; extra == "test"
-Requires-Dist: pytest-ruff>=0.2.1; sys_platform != "cygwin" and extra == "test"
+Requires-Dist: jaraco.test>=5.6.0; extra == "test"
Requires-Dist: portend; extra == "test"
Provides-Extra: doc
Requires-Dist: sphinx>=3.5; extra == "doc"
@@ -28,6 +24,17 @@
Requires-Dist: furo; extra == "doc"
Requires-Dist: sphinx-lint; extra == "doc"
Requires-Dist: jaraco.tidelift>=1.4; extra == "doc"
+Provides-Extra: check
+Requires-Dist: pytest-checkdocs>=2.4; extra == "check"
+Requires-Dist: pytest-ruff>=0.2.1; sys_platform != "cygwin" and extra ==
"check"
+Provides-Extra: cover
+Requires-Dist: pytest-cov; extra == "cover"
+Provides-Extra: enabler
+Requires-Dist: pytest-enabler>=3.4; extra == "enabler"
+Provides-Extra: type
+Requires-Dist: pytest-mypy>=1.0.1; extra == "type"
+Requires-Dist: mypy<1.19; platform_python_implementation == "PyPy" and extra
== "type"
+Dynamic: license-file
.. image:: https://img.shields.io/pypi/v/jaraco.context.svg
:target: https://pypi.org/project/jaraco.context
@@ -38,14 +45,14 @@
:target:
https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22
:alt: tests
-.. image::
https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets/badge/v2.json
+.. image::
https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json
:target: https://github.com/astral-sh/ruff
:alt: Ruff
.. image:: https://readthedocs.org/projects/jaracocontext/badge/?version=latest
:target: https://jaracocontext.readthedocs.io/en/latest/?badge=latest
-.. image:: https://img.shields.io/badge/skeleton-2024-informational
+.. image:: https://img.shields.io/badge/skeleton-2025-informational
:target: https://blog.jaraco.com/skeleton
.. image:: https://tidelift.com/badges/package/pypi/jaraco.context
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/README.rst
new/jaraco_context-6.1.0/README.rst
--- old/jaraco_context-6.0.1/README.rst 2024-08-20 05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/README.rst 2026-01-13 03:53:29.000000000 +0100
@@ -7,14 +7,14 @@
:target:
https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22
:alt: tests
-.. image::
https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets/badge/v2.json
+.. image::
https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json
:target: https://github.com/astral-sh/ruff
:alt: Ruff
.. image:: https://readthedocs.org/projects/jaracocontext/badge/?version=latest
:target: https://jaracocontext.readthedocs.io/en/latest/?badge=latest
-.. image:: https://img.shields.io/badge/skeleton-2024-informational
+.. image:: https://img.shields.io/badge/skeleton-2025-informational
:target: https://blog.jaraco.com/skeleton
.. image:: https://tidelift.com/badges/package/pypi/jaraco.context
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/conftest.py
new/jaraco_context-6.1.0/conftest.py
--- old/jaraco_context-6.0.1/conftest.py 2024-08-20 05:39:01.000000000
+0200
+++ new/jaraco_context-6.1.0/conftest.py 2026-01-13 03:53:29.000000000
+0100
@@ -1,6 +1,6 @@
+import functools
import http.server
import io
-import functools
import tarfile
import threading
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/docs/conf.py
new/jaraco_context-6.1.0/docs/conf.py
--- old/jaraco_context-6.0.1/docs/conf.py 2024-08-20 05:39:01.000000000
+0200
+++ new/jaraco_context-6.1.0/docs/conf.py 2026-01-13 03:53:29.000000000
+0100
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
extensions = [
'sphinx.ext.autodoc',
'jaraco.packaging.sphinx',
@@ -30,6 +32,7 @@
# Be strict about any broken references
nitpicky = True
+nitpick_ignore: list[tuple[str, str]] = []
nitpick_ignore = [
('py:class', 'contextlib.suppress'),
@@ -47,4 +50,15 @@
# Preserve authored syntax for defaults
autodoc_preserve_defaults = True
+# Add support for linking usernames, PyPI projects, Wikipedia pages
+github_url = 'https://github.com/'
+extlinks = {
+ 'user': (f'{github_url}%s', '@%s'),
+ 'pypi': ('https://pypi.org/project/%s', '%s'),
+ 'wiki': ('https://wikipedia.org/wiki/%s', '%s'),
+}
+extensions += ['sphinx.ext.extlinks']
+
+# local
+
extensions += ['jaraco.tidelift']
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/jaraco/context/__init__.py
new/jaraco_context-6.1.0/jaraco/context/__init__.py
--- old/jaraco_context-6.0.1/jaraco/context/__init__.py 2024-08-20
05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/jaraco/context/__init__.py 2026-01-13
03:53:29.000000000 +0100
@@ -12,8 +12,7 @@
import sys
import tempfile
import urllib.request
-from typing import Iterator
-
+from collections.abc import Iterator
if sys.version_info < (3, 12):
from backports import tarfile
@@ -78,12 +77,19 @@
try:
req = urllib.request.urlopen(url)
with tarfile.open(fileobj=req, mode='r|*') as tf:
- tf.extractall(path=target_dir, filter=strip_first_component)
+ tf.extractall(path=target_dir, filter=_default_filter)
yield target_dir
finally:
shutil.rmtree(target_dir)
+def _compose_tarfile_filters(*filters):
+ def compose_two(f1, f2):
+ return lambda member, path: f1(f2(member, path), path)
+
+ return functools.reduce(compose_two, filters, lambda member, path: member)
+
+
def strip_first_component(
member: tarfile.TarInfo,
path,
@@ -92,6 +98,9 @@
return member
+_default_filter = _compose_tarfile_filters(tarfile.data_filter,
strip_first_component)
+
+
def _compose(*cmgrs):
"""
Compose any number of dependent context managers into a single one.
@@ -181,6 +190,8 @@
If dest_ctx is supplied, it should be a context manager
to yield the target directory for the check out.
+ >>> getfixture('ensure_git')
+ >>> getfixture('needs_internet')
>>> repo = repo_context('https://github.com/jaraco/jaraco.context')
>>> with repo as dest:
... listing = os.listdir(dest)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/jaraco_context-6.0.1/jaraco.context.egg-info/PKG-INFO
new/jaraco_context-6.1.0/jaraco.context.egg-info/PKG-INFO
--- old/jaraco_context-6.0.1/jaraco.context.egg-info/PKG-INFO 2024-08-20
05:39:22.000000000 +0200
+++ new/jaraco_context-6.1.0/jaraco.context.egg-info/PKG-INFO 2026-01-13
03:53:49.000000000 +0100
@@ -1,25 +1,21 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
Name: jaraco.context
-Version: 6.0.1
+Version: 6.1.0
Summary: Useful decorators and context managers
Author-email: "Jason R. Coombs" <[email protected]>
+License-Expression: MIT
Project-URL: Source, https://github.com/jaraco/jaraco.context
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
-Requires-Python: >=3.8
+Requires-Python: >=3.9
Description-Content-Type: text/x-rst
License-File: LICENSE
Requires-Dist: backports.tarfile; python_version < "3.12"
Provides-Extra: test
Requires-Dist: pytest!=8.1.*,>=6; extra == "test"
-Requires-Dist: pytest-checkdocs>=2.4; extra == "test"
-Requires-Dist: pytest-cov; extra == "test"
-Requires-Dist: pytest-mypy; extra == "test"
-Requires-Dist: pytest-enabler>=2.2; extra == "test"
-Requires-Dist: pytest-ruff>=0.2.1; sys_platform != "cygwin" and extra == "test"
+Requires-Dist: jaraco.test>=5.6.0; extra == "test"
Requires-Dist: portend; extra == "test"
Provides-Extra: doc
Requires-Dist: sphinx>=3.5; extra == "doc"
@@ -28,6 +24,17 @@
Requires-Dist: furo; extra == "doc"
Requires-Dist: sphinx-lint; extra == "doc"
Requires-Dist: jaraco.tidelift>=1.4; extra == "doc"
+Provides-Extra: check
+Requires-Dist: pytest-checkdocs>=2.4; extra == "check"
+Requires-Dist: pytest-ruff>=0.2.1; sys_platform != "cygwin" and extra ==
"check"
+Provides-Extra: cover
+Requires-Dist: pytest-cov; extra == "cover"
+Provides-Extra: enabler
+Requires-Dist: pytest-enabler>=3.4; extra == "enabler"
+Provides-Extra: type
+Requires-Dist: pytest-mypy>=1.0.1; extra == "type"
+Requires-Dist: mypy<1.19; platform_python_implementation == "PyPy" and extra
== "type"
+Dynamic: license-file
.. image:: https://img.shields.io/pypi/v/jaraco.context.svg
:target: https://pypi.org/project/jaraco.context
@@ -38,14 +45,14 @@
:target:
https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22
:alt: tests
-.. image::
https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets/badge/v2.json
+.. image::
https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json
:target: https://github.com/astral-sh/ruff
:alt: Ruff
.. image:: https://readthedocs.org/projects/jaracocontext/badge/?version=latest
:target: https://jaracocontext.readthedocs.io/en/latest/?badge=latest
-.. image:: https://img.shields.io/badge/skeleton-2024-informational
+.. image:: https://img.shields.io/badge/skeleton-2025-informational
:target: https://blog.jaraco.com/skeleton
.. image:: https://tidelift.com/badges/package/pypi/jaraco.context
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/jaraco_context-6.0.1/jaraco.context.egg-info/SOURCES.txt
new/jaraco_context-6.1.0/jaraco.context.egg-info/SOURCES.txt
--- old/jaraco_context-6.0.1/jaraco.context.egg-info/SOURCES.txt
2024-08-20 05:39:22.000000000 +0200
+++ new/jaraco_context-6.1.0/jaraco.context.egg-info/SOURCES.txt
2026-01-13 03:53:49.000000000 +0100
@@ -14,7 +14,6 @@
towncrier.toml
tox.ini
.github/FUNDING.yml
-.github/dependabot.yml
.github/workflows/main.yml
docs/conf.py
docs/history.rst
@@ -25,4 +24,5 @@
jaraco.context.egg-info/requires.txt
jaraco.context.egg-info/top_level.txt
jaraco/context/__init__.py
-jaraco/context/py.typed
\ No newline at end of file
+jaraco/context/py.typed
+tests/test_safety.py
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/jaraco_context-6.0.1/jaraco.context.egg-info/requires.txt
new/jaraco_context-6.1.0/jaraco.context.egg-info/requires.txt
--- old/jaraco_context-6.0.1/jaraco.context.egg-info/requires.txt
2024-08-20 05:39:22.000000000 +0200
+++ new/jaraco_context-6.1.0/jaraco.context.egg-info/requires.txt
2026-01-13 03:53:49.000000000 +0100
@@ -2,6 +2,15 @@
[:python_version < "3.12"]
backports.tarfile
+[check]
+pytest-checkdocs>=2.4
+
+[check:sys_platform != "cygwin"]
+pytest-ruff>=0.2.1
+
+[cover]
+pytest-cov
+
[doc]
sphinx>=3.5
jaraco.packaging>=9.3
@@ -10,13 +19,16 @@
sphinx-lint
jaraco.tidelift>=1.4
+[enabler]
+pytest-enabler>=3.4
+
[test]
pytest!=8.1.*,>=6
-pytest-checkdocs>=2.4
-pytest-cov
-pytest-mypy
-pytest-enabler>=2.2
+jaraco.test>=5.6.0
portend
-[test:sys_platform != "cygwin"]
-pytest-ruff>=0.2.1
+[type]
+pytest-mypy>=1.0.1
+
+[type:platform_python_implementation == "PyPy"]
+mypy<1.19
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/mypy.ini
new/jaraco_context-6.1.0/mypy.ini
--- old/jaraco_context-6.0.1/mypy.ini 2024-08-20 05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/mypy.ini 2026-01-13 03:53:29.000000000 +0100
@@ -1,5 +1,19 @@
[mypy]
-ignore_missing_imports = True
-# required to support namespace packages
-# https://github.com/python/mypy/issues/14057
+# Is the project well-typed?
+strict = False
+
+# Early opt-in even when strict = False
+warn_unused_ignores = True
+warn_redundant_casts = True
+enable_error_code = ignore-without-code
+
+# Support namespace packages per https://github.com/python/mypy/issues/14057
explicit_package_bases = True
+
+disable_error_code =
+ # Disable due to many false positives
+ overload-overlap,
+
+# jaraco/portend#17
+[mypy-portend.*]
+ignore_missing_imports = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/pyproject.toml
new/jaraco_context-6.1.0/pyproject.toml
--- old/jaraco_context-6.0.1/pyproject.toml 2024-08-20 05:39:01.000000000
+0200
+++ new/jaraco_context-6.1.0/pyproject.toml 2026-01-13 03:53:29.000000000
+0100
@@ -1,5 +1,10 @@
[build-system]
-requires = ["setuptools>=61.2", "setuptools_scm[toml]>=3.4.1"]
+requires = [
+ "setuptools>=77",
+ "setuptools_scm[toml]>=3.4.1",
+ # jaraco/skeleton#174
+ "coherent.licensed",
+]
build-backend = "setuptools.build_meta"
[project]
@@ -12,11 +17,11 @@
classifiers = [
"Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
- "License :: OSI Approved :: MIT License",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
]
-requires-python = ">=3.8"
+requires-python = ">=3.9"
+license = "MIT"
dependencies = [
'backports.tarfile; python_version < "3.12"',
]
@@ -29,15 +34,12 @@
test = [
# upstream
"pytest >= 6, != 8.1.*",
- "pytest-checkdocs >= 2.4",
- "pytest-cov",
- "pytest-mypy",
- "pytest-enabler >= 2.2",
- "pytest-ruff >= 0.2.1; sys_platform != 'cygwin'",
# local
+ "jaraco.test >= 5.6.0",
"portend",
]
+
doc = [
# upstream
"sphinx >= 3.5",
@@ -52,4 +54,32 @@
# local
]
+check = [
+ "pytest-checkdocs >= 2.4",
+ "pytest-ruff >= 0.2.1; sys_platform != 'cygwin'",
+]
+
+cover = [
+ "pytest-cov",
+]
+
+enabler = [
+ "pytest-enabler >= 3.4",
+]
+
+type = [
+ # upstream
+ "pytest-mypy >= 1.0.1",
+
+ ## workaround for python/mypy#20454
+ "mypy < 1.19; python_implementation == 'PyPy'",
+
+ # local
+]
+
+
[tool.setuptools_scm]
+
+
+[tool.pytest-enabler.mypy]
+# Disabled due to jaraco/skeleton#143
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/ruff.toml
new/jaraco_context-6.1.0/ruff.toml
--- old/jaraco_context-6.0.1/ruff.toml 2024-08-20 05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/ruff.toml 2026-01-13 03:53:29.000000000 +0100
@@ -1,10 +1,31 @@
[lint]
extend-select = [
- "C901",
- "PERF401",
- "W",
+ # upstream
+
+ "C901", # complex-structure
+ "I", # isort
+ "PERF401", # manual-list-comprehension
+
+ # Ensure modern type annotation syntax and best practices
+ # Not including those covered by type-checkers or exclusive to Python
3.11+
+ "FA", # flake8-future-annotations
+ "F404", # late-future-import
+ "PYI", # flake8-pyi
+ "UP006", # non-pep585-annotation
+ "UP007", # non-pep604-annotation
+ "UP010", # unnecessary-future-import
+ "UP035", # deprecated-import
+ "UP037", # quoted-annotation
+ "UP043", # unnecessary-default-type-args
+
+ # local
]
ignore = [
+ # upstream
+
+ # Typeshed rejects complex or non-literal defaults for maintenance and
testing reasons,
+ # irrelevant to this project.
+ "PYI011", # typed-argument-default-in-stub
# https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
"W191",
"E111",
@@ -18,8 +39,8 @@
"Q003",
"COM812",
"COM819",
- "ISC001",
- "ISC002",
+
+ # local
]
[format]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/tests/test_safety.py
new/jaraco_context-6.1.0/tests/test_safety.py
--- old/jaraco_context-6.0.1/tests/test_safety.py 1970-01-01
01:00:00.000000000 +0100
+++ new/jaraco_context-6.1.0/tests/test_safety.py 2026-01-13
03:53:29.000000000 +0100
@@ -0,0 +1,72 @@
+import io
+import sys
+import types
+from contextlib import nullcontext as does_not_raise
+
+import pytest
+
+import jaraco.context
+from jaraco.context import tarfile
+
+
+def make_tarball_with(member):
+ tar_data = io.BytesIO()
+ with tarfile.open(fileobj=tar_data, mode='w') as tar:
+ tarinfo = tarfile.TarInfo(name=member.path)
+ content = f'content for {member.path}'
+ bin_content = content.encode('ascii')
+ tarinfo.size = len(bin_content)
+ tar.addfile(tarinfo, io.BytesIO(bin_content))
+
+ tar_data.seek(0)
+ return tar_data
+
+
+cases = [
+ types.SimpleNamespace(
+ path='dummy_dir/legitimate_file.txt',
+ expect=does_not_raise(),
+ ),
+ pytest.param(
+ types.SimpleNamespace(
+ path='dummy_dir/subdir/../legitimate_file.txt',
+ expect=does_not_raise(),
+ ),
+ marks=pytest.mark.skipif(
+ (3, 11) < sys.version_info < (3, 13),
+ reason='Fails with FileExistsError on Python 3.12',
+ ),
+ ),
+ types.SimpleNamespace(
+ path='dummy_dir/../../tmp/pwned_by_zipslip.txt',
+ expect=pytest.raises(tarfile.OutsideDestinationError),
+ ),
+ types.SimpleNamespace(
+ path='dummy_dir/../../../../home/pwned_home.txt',
+ expect=pytest.raises(tarfile.OutsideDestinationError),
+ ),
+ types.SimpleNamespace(
+ path='dummy_dir/../escaped.txt',
+ expect=pytest.raises(tarfile.OutsideDestinationError),
+ ),
+]
+
+
[email protected](params=cases)
+def tarfile_case(request):
+ with tarfile.open(fileobj=make_tarball_with(request.param), mode='r') as
tf:
+ yield types.SimpleNamespace(
+ tarfile=tf,
+ expect=request.param.expect,
+ )
+
+
+def test_zipslip_exploit(tmp_path, tarfile_case):
+ """
+ Ensure that protections from the default tarfile filter are applied.
+ """
+ (member,) = tarfile_case.tarfile
+ with tarfile_case.expect:
+ tarfile_case.tarfile.extract(
+ member, path=tmp_path, filter=jaraco.context._default_filter
+ )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/towncrier.toml
new/jaraco_context-6.1.0/towncrier.toml
--- old/jaraco_context-6.0.1/towncrier.toml 2024-08-20 05:39:01.000000000
+0200
+++ new/jaraco_context-6.1.0/towncrier.toml 2026-01-13 03:53:29.000000000
+0100
@@ -1,2 +1,3 @@
[tool.towncrier]
title_format = "{version}"
+directory = "newsfragments" # jaraco/skeleton#184
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jaraco_context-6.0.1/tox.ini
new/jaraco_context-6.1.0/tox.ini
--- old/jaraco_context-6.0.1/tox.ini 2024-08-20 05:39:01.000000000 +0200
+++ new/jaraco_context-6.1.0/tox.ini 2026-01-13 03:53:29.000000000 +0100
@@ -8,6 +8,10 @@
usedevelop = True
extras =
test
+ check
+ cover
+ enabler
+ type
[testenv:diffcov]
description = run tests and check that diff from main is covered
@@ -27,9 +31,7 @@
changedir = docs
commands =
python -m sphinx -W --keep-going . {toxinidir}/build/html
- python -m sphinxlint \
- # workaround for sphinx-contrib/sphinx-lint#83
- --jobs 1
+ python -m sphinxlint
[testenv:finalize]
description = assemble changelog and tag a release
