dependabot[bot] opened a new pull request, #439: URL: https://github.com/apache/mesos/pull/439
Bumps [pyinstaller](https://github.com/pyinstaller/pyinstaller) from 3.4 to 3.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pyinstaller/pyinstaller/releases";>pyinstaller's releases</a>.</em></p> <blockquote> <h2>v3.6</h2> <p>See <a href="https://pyinstaller.readthedocs.io/en/v3.6/CHANGES.html";>https://pyinstaller.readthedocs.io/en/v3.6/CHANGES.html</a> for Changelog.</p> <h2>v3.5</h2> <p>See <a href="https://pyinstaller.readthedocs.io/en/v3.5/CHANGES.html";>https://pyinstaller.readthedocs.io/en/v3.5/CHANGES.html</a> for Changelog.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES-3.rst";>pyinstaller's changelog</a>.</em></p> <blockquote> <h1>Changelog for PyInstaller 3.0 – 3.6</h1> <h2>3.6 (2020-01-09)</h2> <p><strong>Important:</strong> This is the last release of PyInstaller supporting Python 2.7. Python 2 is end-of-life, many packages are about to <code>drop support for Python 2.7 <https://python3statement.org/></code>_ - or already did it.</p> <p>Security</p> <pre><code> * [SECURITY] (Win32) Fix CVE-2019-16784: Local Privilege Escalation caused by insecure directory permissions of sys._MEIPATH. This security fix effects all Windows software frozen by PyInstaller in "onefile" mode. While PyInstaller itself was not vulnerable, all Windows software frozen by PyInstaller in "onefile" mode is vulnerable. <p>If you are using PyInstaller to freeze Windows software using "onefile" mode, you should upgrade PyInstaller and rebuild your software.</p> <p>Features </code></pre></p> <ul> <li>(Windows): Applications built in windowed mode have their debug messages sent to any attached debugger or DebugView instead of message boxes. (:issue:<code>4288</code>)</li> <li>Better error message when file exists at path we want to be dir. (:issue:<code>4591</code>)</li> </ul> <p>Bugfix</p> <pre><code> * (Windows) Allow usage of `VSVersionInfo` as version argument to EXE again. (:issue:`4381`, :issue:`4539`) * (Windows) Fix MSYS2 dll's are not found by modulegraph. (:issue:`4125`, :issue:`4417`) * (Windows) The temporary copy of bootloader used add resources, icons, etc. is not created in --workpath instead of in %TEMP%. This fixes issues on systems where the anti-virus cleans %TEMP% immediately. (:issue:`3869`) * Do not fail the build when ``ldconfig`` is missing/inoperable. (:issue:`4261`) * Fixed loading of IPython extensions. (:issue:`4271`) * Fixed pre-find-module-path hook for `distutils` to be compatible with `virtualenv >= 16.3`. (:issue:`4064`, :issue:`4372`) * Improve error reporting when the Python library can't be found. </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/6d4cce1f8eb80c0bf49d35876d28daa55a05800f";><code>6d4cce1</code></a> Release 3.6.</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/9649913fd20b493487357d4f2f63c4eb192a0740";><code>9649913</code></a> Doc: Rebuild man-pages for release 3.6.</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/51bcee4c41ad119d22c15be962f7d48f831283a3";><code>51bcee4</code></a> Update versions in README.</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/3058682e668611e99f92bf2230f1f59f7aa65ddb";><code>3058682</code></a> Update CREDITS for release 3.6</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/2232b5b9cafd12eabaea01ef60df98a431958c0f";><code>2232b5b</code></a> Preparing release 3.6</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/95ff39d7bdcee13d1bcaa3419f74655c78a05d38";><code>95ff39d</code></a> pyproject.toml: Update config for towncrier.</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/0d7ac32da25624159b805da65b91b64bf95e9a48";><code>0d7ac32</code></a> Hooks: Fix numpy and scipy hooks to find dlls in extra locations.</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/2c16311e22d33b29833bbe13c97afa8f7f307ea5";><code>2c16311</code></a> Hooks: Add hook for sklearn.mixture.</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/9882f871ad27e107b3fdbac242713c6773d121a1";><code>9882f87</code></a> Add more options to funding.yml.</li> <li><a href="https://github.com/pyinstaller/pyinstaller/commit/ddec55610148a7a15abf8701d32060cbd16a253b";><code>ddec556</code></a> Tests/CI: Use new label in .pyup.yml.</li> <li>Additional commits viewable in <a href="https://github.com/pyinstaller/pyinstaller/compare/v3.4...v3.6";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/mesos/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
