Allow Click 8.0, refs #1016 #1042

Merged
merged 1 commit into from
May 23, 2021

@simonw simonw commented May 23, 2021

Similar to #1033 but updates the CLI documentation to reflect new whitespace.

@@ -44,7 +44,7 @@ def get_packages(package):
env_marker_below_38 = "python_version < '3.8'"

minimal_requirements = [
"click==7.*",
"click>=7.*",
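
Review bot: The new specifier `click>=7.*` combines the `.*` wildcard with `>=`, but PEP 440 defines the trailing wildcard only for the `==` and `!=` operators, so stricter requirement parsers can reject this line. Writing it as `click>=7.0` keeps the intent. If an upper bound such as `,<9` is wanted, add it in the same entry so the allowed range is stated in one place.
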
Contributor Author

I wonder if this should also specify <9 to avoid an accidental upgrade to Click 9.0 some time in the future.

Member

We have time I hope

@euri10 euri10 merged commit 2c06f6d into encode:master May 23, 2021
br3ndonland added a commit to br3ndonland/inboard that referenced this pull request Jul 5, 2021
https://github.com/encode/uvicorn/releases/tag/0.14.0
https://click.palletsprojects.com/en/8.0.x/changes/

Uvicorn now allows Click 8 to be used (encode/uvicorn#1042), which is
notable because of a security fix added in Click 8. This fix patches an
insecure temporary file vulnerability, and was reported by CodeQL scans
in the inboard repo. The Click maintainers did not clearly report this
vulnerability in the release notes. The release notes entry merely says,
"Use `mkstemp()` instead of `mktemp()` in pager implementation." The fix
provided in pallets/click#1754 does not explain the implications of the
change. The issue report in pallets/click#1752 was criticized for not
respecting https://github.com/pallets/click/security/policy, but Click
did not provide adequate information otherwise.
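
The commit message above cites Click's release note about using `mkstemp()` instead of `mktemp()`. The following is an added example, not code from Click, uvicorn or inboard, showing why that change matters using only Python's standard `tempfile` module; the function names and the scratch directory are made up for illustration.

```python
import os
import stat
import tempfile


def write_via_mktemp(data, directory):
    """Legacy pattern: pick a name first, open it later (two separate steps)."""
    path = tempfile.mktemp(dir=directory)  # returns a name only; nothing is created
    existed_before_open = os.path.exists(path)
    # Gap: another local process may create `path` here. open(..., "w") would
    # then write to whatever is at that path instead of failing.
    with open(path, "w") as fh:
        fh.write(data)
    return path, existed_before_open


def write_via_mkstemp(data, directory):
    """Hardened pattern: name selection and file creation are one atomic step."""
    fd, path = tempfile.mkstemp(dir=directory)  # O_CREAT | O_EXCL, mode 0o600
    with os.fdopen(fd, "w") as fh:  # write through the descriptor we already own
        fh.write(data)
    return path


def exclusive_create_refuses_existing(path):
    """The guarantee mkstemp relies on: O_EXCL fails if the name is already taken."""
    try:
        os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
    except FileExistsError:
        return True
    return False


def demo():
    with tempfile.TemporaryDirectory() as workdir:  # constructed scratch directory
        _legacy_path, existed = write_via_mktemp("pager text", workdir)
        safe_path = write_via_mkstemp("pager text", workdir)
        mode = stat.S_IMODE(os.stat(safe_path).st_mode)
        return {
            "mktemp_created_file": existed,
            "mkstemp_mode": oct(mode),
            "excl_refuses_existing": exclusive_create_refuses_existing(safe_path),
        }


if __name__ == "__main__":
    print(demo())
```

The permission check assumes a POSIX system, where `mkstemp()` creates the file readable and writable only by the owning user.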
Kludex pushed a commit to sephioh/uvicorn that referenced this pull request Oct 29, 2022