disfactory-notification

Month: 2025-03

2020-09 (51)
2020-10 (92)
2020-11 (209)
2020-12 (97)
2021-01 (87)
2021-02 (160)
2021-03 (231)
2021-04 (149)
2021-05 (142)
2021-06 (115)
2021-07 (70)
2021-08 (62)
2021-09 (103)
2021-10 (148)
2021-11 (159)
2021-12 (134)
2022-01 (128)
2022-02 (214)
2022-03 (264)
2022-04 (531)
2022-05 (198)
2022-06 (108)
2022-07 (130)
2022-08 (243)
2022-09 (248)
2022-10 (120)
2022-11 (126)
2022-12 (130)
2023-01 (89)
2023-02 (103)
2023-03 (169)
2023-04 (84)
2023-05 (166)
2023-06 (143)
2023-07 (149)
2023-08 (107)
2023-09 (136)
2023-10 (100)
2023-11 (118)
2023-12 (102)
2024-01 (72)
2024-02 (70)
2024-03 (100)
2024-04 (88)
2024-05 (2)
2024-06 (31)
2024-07 (4)
2024-08 (6)
2024-09 (6)
2024-10 (40)
2024-11 (21)
2024-12 (6)
2025-01 (6)
2025-02 (2)
2025-03 (9)
2025-04 (10)

2025-03-05

github2 21:17:49

<https://github.com/Disfactory/Disfactory/issues/652|#652 新版地號格式支援問題>

這個是我們新提案想運用的資料：<https://www.cto.moea.gov.tw/FactoryMCLA/upload/information_upload/11401%E5%85%A7%E6%94%BF%E9%83%A8%E9%81%95%E5%8F%8D%E5%9C%9F%E5%9C%B0%E4%BD%BF%E7%94%A8%E6%9F%A5%E8%99%95%E5%90%8D%E5%96%AE.ods|各縣市疑似違反土地使用查處名單> 但遇到一個問題是表格裡面有新版、舊版地號混用的情況新版地號分別為地號母號、地號子號各4碼，一共為8碼例：啟明段01320002 (舊版為啟明段132-2地號) 所以也想確認我們地號轉經緯度的功能是否有同時支援新格式與舊格式？

github2 21:17:49

<https://github.com/Disfactory/Disfactory/issues/652|#652 新版地號格式支援問題>

<https://www.cto.moea.gov.tw/FactoryMCLA/upload/information_upload/11401%E5%85%A7%E6%94%BF%E9%83%A8%E9%81%95%E5%8F%8D%E5%9C%9F%E5%9C%B0%E4%BD%BF%E7%94%A8%E6%9F%A5%E8%99%95%E5%90%8D%E5%96%AE.ods|各縣市疑似違反土地使用查處名單> 新版地號分別為地號母號、地號子號各4碼，一共為8碼例：啟明段01320002 我們地號轉經緯度的功能是否有同時支援新格式與舊格式？

2025-03-06

github2 07:45:48

<https://github.com/Disfactory/Disfactory/pull/653|#653 Bump jinja2 from 3.0.1 to 3.1.6 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.6. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.6* > > This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.6/|https://pypi.org/project/Jinja2/3.1.6/>Changes: <https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6|https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6> > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7 "GHSA-cpwx-vrp4-4pq7"|GHSA-cpwx-vrp4-4pq7> > > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.6* > > Released 2025-03-05 > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:`cpwx-vrp4-4pq7` > > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when t…

github2 07:45:48

<https://github.com/Disfactory/Disfactory/pull/653|#653 Bump jinja2 from 3.0.1 to 3.1.6 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.6. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.6* > > This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.6/|https://pypi.org/project/Jinja2/3.1.6/>Changes: <https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6|https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6> > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7 "GHSA-cpwx-vrp4-4pq7"|GHSA-cpwx-vrp4-4pq7> > > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.6* > > Released 2025-03-05 > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:`cpwx-vrp4-4pq7` > > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when t…

github2 07:45:50

<https://github.com/Disfactory/Disfactory/pull/650|#650 Bump jinja2 from 3.0.1 to 3.1.5 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.5. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3> > • Milestone: <https://github.com/pallets/jinja/milestone/15?closed=1|https://github.com/pallets/jinja/milestone/15?closed=1> > > *3.1.2* > > This is a fix release for the <https://github.com/pallets/jinja/releases/tag/3.1.0|3.1.0> feature release. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2> > • Milestone: <https://github.com/pallets/jinja/milestone/13?closed=1|https://github.com/pallets/jinja/milestone/13?closed=1> ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. :issue:`1705` > • Improve annotations for methods returning copies. :pr:`1880` > • `urlize` does not add `mailto:` to values like `@a@b`. …

github2 2025-03-06 07:45:50

github2 07:45:50

<https://github.com/Disfactory/Disfactory/pull/650|#650 Bump jinja2 from 3.0.1 to 3.1.5 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.5. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3> > • Milestone: <https://github.com/pallets/jinja/milestone/15?closed=1|https://github.com/pallets/jinja/milestone/15?closed=1> > > *3.1.2* > > This is a fix release for the <https://github.com/pallets/jinja/releases/tag/3.1.0|3.1.0> feature release. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2> > • Milestone: <https://github.com/pallets/jinja/milestone/13?closed=1|https://github.com/pallets/jinja/milestone/13?closed=1> ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. :issue:`1705` > • Improve annotations for methods returning copies. :pr:`1880` > • `urlize` does not add `mailto:` to values like `@a@b`. …

github2 2025-03-06 07:45:50

github2 07:45:50

<https://github.com/Disfactory/Disfactory/pull/650|#650 Bump jinja2 from 3.0.1 to 3.1.5 in /backend>

github2 2025-03-06 07:45:50

2025-03-22

github2 09:47:27

<https://github.com/Disfactory/Disfactory/pull/654|#654 Bump gunicorn from 20.1.0 to 23.0.0 in /backend>

Bumps <https://github.com/benoitc/gunicorn|gunicorn> from 20.1.0 to 23.0.0. Release notes _Sourced from <https://github.com/benoitc/gunicorn/releases|gunicorn's releases>._ > ## 23.0.0 > > Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety > > You're invited to upgrade asap your own installation. > > # 23.0.0 - 2024-08-10 > > • minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`) > • worker_class parameter accepts a class (:pr:`3079`) > • fix deadlock if request terminated during chunked parsing (:pr:`2688`) > • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`) > • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`) > • sdist generation now explicitly excludes sphinx build folder (:pr:`3257`) > • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`) > • raise correct Exception when encounting invalid chunked requests (:pr:`3258`) > • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`) > • include IPv6 loopback address `[::1]` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`) > > ** NOTE ** > > • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release > • Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted > • Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0 > > ** Breaking changes ** > > • refuse requests where the uri field is empty (:pr:`3255`) > • refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`) > • remove temporary `--tolerate-dangerous-framing` switch from 22.0 (:pr:`3260`) > • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies. > > Fix <https://github.com/advisories/GHSA-w3h3-4rj7-4ph4 "CVE-2024-1135"|CVE-2024-1135> > > ## Gunicorn 22.0 has been released > > *Gunicorn 22.0.0 has been released.* This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation. > > Changes: > > `22.0.0 - 2024-04-17 > =================== > ` > `` > • use `utime` to notify workers liveness > > • migrate setup to pyproject.toml > > • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors) > > • parsing additional requests is no longer attempted past unsupported request framing > > • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits) > > • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error > > `` > • `Trailer fields are no longer inspected for headers indicating secure scheme > </tr></table> > ` ... (truncated) Commits • <https://github.com/benoitc/gunicorn/commit/411986d6191114dd1d1bbb9c72c948dbf0ef0425|`411986d`> fix doc • <https://github.com/benoitc/gunicorn/commit/334392e7795f2017e83f7054d372422512d6f4b6|`334392e`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/2559|#2559> from laggardkernel/bugfix/reexec-env • <https://github.com/benoitc/gunicorn/commit/e75c3533e32f91a9dceba9e8e1341fea5540ba81|`e75c353`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/3189|#3189> from pajod/patch-py36 • <https://github.com/benoitc/gunicorn/commit/9357b28dd867950e33ca3864207cb35a1eb8ba6f|`9357b28`> keep document user in access_log_format setting • <https://github.com/benoitc/gunicorn/commit/79fdef0822cbfe7e16b659b07230af9be098d5fc|`79fdef0`> bump to 23.0.0 • <https://github.com/benoitc/gunicorn/commit/3acd9fbfd1159ca3cd80a8052ada89a0bf27f806|`3acd9fb`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/2620|#2620> from talkerbox/improve-access-log-format-docs • <https://github.com/benoitc/gunicorn/commit/3f56d76548e4ade034bf5e174737902970285d1f|`3f56d76`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/3192|#3192> from pajod/patch-allowed-script-name • <https://github.com/benoitc/gunicorn/commit/256d474a7910bd605f2cc8c082b79c1ae55215a9|`256d474`> docs: revert duped directive • <https://github.com/benoitc/gunicorn/commit/ffa48b581dcaa75f17fd2df263515e4266feeef6|`ffa48b5`> test: default change was intentional • <https://github.com/benoitc/gunicorn/commit/52538ca9070b5e7ead5d0fa731e82a622dc6f3ee|`52538ca`> docs: recommend SCRIPT_NAME=/subfolder • Additional commits viewable in <https://github.com/benoitc/gunicorn/compare/20.1.0...23.0.0|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|[Dependabot compatibility score](https://camo.githubusercontent.com/ab42d03b8fe7b941399991156c15f68b1edb8c498eba404ef64e613a87af8a9a/68747470733a2f2f646570656e6461626f742d6261646765732e6769746875626170702e636f6d2f6261646765732f636f6d7061746962696c6974795f73636f72653f646570656e64656e63792d6e616d653d67756e69636f726e267061636b6167652d6d616e616765723d7069702670726576696f75732d76657273696f6e3d32302e312e30266e65772d76657273696f6e3d32332e302e30)> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/Disfactory/network/alerts|Security Alerts page>.

github2 09:47:27

<https://github.com/Disfactory/Disfactory/pull/654|#654 Bump gunicorn from 20.1.0 to 23.0.0 in /backend>

Bumps <https://github.com/benoitc/gunicorn|gunicorn> from 20.1.0 to 23.0.0. Release notes _Sourced from <https://github.com/benoitc/gunicorn/releases|gunicorn's releases>._ > ## 23.0.0 > > Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety > > You're invited to upgrade asap your own installation. > > # 23.0.0 - 2024-08-10 > > • minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`) > • worker_class parameter accepts a class (:pr:`3079`) > • fix deadlock if request terminated during chunked parsing (:pr:`2688`) > • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`) > • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`) > • sdist generation now explicitly excludes sphinx build folder (:pr:`3257`) > • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`) > • raise correct Exception when encounting invalid chunked requests (:pr:`3258`) > • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`) > • include IPv6 loopback address `[::1]` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`) > > ** NOTE ** > > • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release > • Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted > • Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0 > > ** Breaking changes ** > > • refuse requests where the uri field is empty (:pr:`3255`) > • refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`) > • remove temporary `--tolerate-dangerous-framing` switch from 22.0 (:pr:`3260`) > • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies. > > Fix <https://github.com/advisories/GHSA-w3h3-4rj7-4ph4 "CVE-2024-1135"|CVE-2024-1135> > > ## Gunicorn 22.0 has been released > > *Gunicorn 22.0.0 has been released.* This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation. > > Changes: > > `22.0.0 - 2024-04-17 > =================== > ` > `` > • use `utime` to notify workers liveness > > • migrate setup to pyproject.toml > > • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors) > > • parsing additional requests is no longer attempted past unsupported request framing > > • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits) > > • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error > > `` > • `Trailer fields are no longer inspected for headers indicating secure scheme > </tr></table> > ` ... (truncated) Commits • <https://github.com/benoitc/gunicorn/commit/411986d6191114dd1d1bbb9c72c948dbf0ef0425|`411986d`> fix doc • <https://github.com/benoitc/gunicorn/commit/334392e7795f2017e83f7054d372422512d6f4b6|`334392e`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/2559|#2559> from laggardkernel/bugfix/reexec-env • <https://github.com/benoitc/gunicorn/commit/e75c3533e32f91a9dceba9e8e1341fea5540ba81|`e75c353`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/3189|#3189> from pajod/patch-py36 • <https://github.com/benoitc/gunicorn/commit/9357b28dd867950e33ca3864207cb35a1eb8ba6f|`9357b28`> keep document user in access_log_format setting • <https://github.com/benoitc/gunicorn/commit/79fdef0822cbfe7e16b659b07230af9be098d5fc|`79fdef0`> bump to 23.0.0 • <https://github.com/benoitc/gunicorn/commit/3acd9fbfd1159ca3cd80a8052ada89a0bf27f806|`3acd9fb`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/2620|#2620> from talkerbox/improve-access-log-format-docs • <https://github.com/benoitc/gunicorn/commit/3f56d76548e4ade034bf5e174737902970285d1f|`3f56d76`> Merge pull request <https://redirect.github.com/benoitc/gunicorn/issues/3192|#3192> from pajod/patch-allowed-script-name • <https://github.com/benoitc/gunicorn/commit/256d474a7910bd605f2cc8c082b79c1ae55215a9|`256d474`> docs: revert duped directive • <https://github.com/benoitc/gunicorn/commit/ffa48b581dcaa75f17fd2df263515e4266feeef6|`ffa48b5`> test: default change was intentional • <https://github.com/benoitc/gunicorn/commit/52538ca9070b5e7ead5d0fa731e82a622dc6f3ee|`52538ca`> docs: recommend SCRIPT_NAME=/subfolder • Additional commits viewable in <https://github.com/benoitc/gunicorn/compare/20.1.0...23.0.0|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|[Dependabot compatibility score](https://camo.githubusercontent.com/ab42d03b8fe7b941399991156c15f68b1edb8c498eba404ef64e613a87af8a9a/68747470733a2f2f646570656e6461626f742d6261646765732e6769746875626170702e636f6d2f6261646765732f636f6d7061746962696c6974795f73636f72653f646570656e64656e63792d6e616d653d67756e69636f726e267061636b6167652d6d616e616765723d7069702670726576696f75732d76657273696f6e3d32302e312e30266e65772d76657273696f6e3d32332e302e30)> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/Disfactory/network/alerts|Security Alerts page>.