Guldan配置管理系统

TouchPal, updated 🕥 2022-12-07 23:43:23

guldan简介

guldan是一个配置管理中心，通过guldan用户可用方便的实现自己应用的配置管理。

配置热变更，当配置变更时，guldan会及时的通知到应用，应用感知到变化，并作出自己的相应及调整；比如，流量切换，服务开关等。
guldan还允许配置共享，当你想要把自己的配个配置共享给其他业务方时，可以将该配置项授权，让其访问，比如mysql slave库的共享

架构如下图所示

guldan架构图

guldan中的概念

用户
- guldan采用单独的用户体系，需要先在guldan中注册才能使用
- 用户注册后，会被生成一个唯一hash，该hash即用户的token，授权时是以该hash为标准的
- 用户可以修改自己的密码；当用户忘记密码时，可以联系系统管理员admin进行重置密码
- 系统在启动的时候，默认会创建一个admin用户，密码123456，在将系统发布给用户使用前，请先修改admin密码
配置
- 配置分为三个层级，（org， project， item）
- 每个层级中创建资源的名称都是唯一的，比如在org层，名字不能有重复，在单个org中，各个project名字不能有重复，在单个project中，各个item的名字不能有重复
- 但是如果是不同的project，是可以有相同的配置项名称的，比如project1和project2都可以有mysql_master这个配置项
- 配置可以授权给其他人，在授权的时候，通过搜索对方的用户名，找到并授权
用户的权限
- 当授权给用户时，需要选择相应的权限，已决定该用户将要获得的权限。
- 现在的权限分为三个
  - modifer
  - viewer
  - puller
- puller只是具有配置的拉取权限，该用户只能在程序中获得该配置项的内容，他在guldan的web将看不到任何关于该配置项的内容
- viewer在具有puller的权限的同时，可以在guldan的web界面上看到该配置项的内容，但是不能修改
- modifier在具有viewer的权限的同时，还可以对该配置项的内容进行修改
- 一个资源的创建者默认对其创建的资源具有modifier权限
配置的可见性
- 公开，任何用户都可以看到该资源的内容，但是不能修改
- 私有，只有授权过的用户才可以对该资源进行拉取，查看或修改
- viewer默认只能查看某一层次内的公有和授权过的资源，看不到其它未授权的资源
- viewer可以在某一层次上创建新的资源，该viewer对新创建的资源默认具有modifier权限

guldan接入指南

接入方式

现提供一下两种客户端使用方式

嵌入到应用中（即跟应用在同一个进程中）的guldan client，guldan client有多语言版本
1. python
2. c
3. go
4. java
处在应用外（即单独的一个进程）的guldan proxy

python client

具体的使用方式，可以参见python client

go client

具体的使用方式，可以参见go client

java client

具体的使用方式，可以参见java client

guldan proxy

具体的使用方式，可以参见guldan proxy

配置发布

常规发布

正常的配置发布，用户或者客户端直接拉取就可以了。

每一次的配置修改发布都使得配置项的版本号增加，以标识不同的配置项版本。

灰度发布

当用户选择灰度发布配置项时，并不会影响主干上的配置项。用户可以对灰度的配置项做修改和发布操作，但是灰度发布的配置项不支持版本管理。

当用户想要获取配置项的灰度版本时，需要在拉取时，带上grey=true的选项，这样拉取的就是灰度发布的版本了。如果用户使用我们提供的客户端，该选项会自动带上。

说明

由于这两个环境并没有打通，也就是说这两套系统是完全独立的，所以你在测试环境上做过的测试，在上线之前请务必确认在生产环境上也做了配置。

guldan web api

为了方便通过程序的方式来管理guldan，我们提供了web api

guldan web api

guldan部署

guldan环境初始化

bash cd guldan_root virtualenv guldanenv source guldanenv/bin/activate pip install -r requirements.txt

guldan依赖

以下为guldan的依赖

mysql
redis
kafka（需要zookeeper的地址）

请在部署前，确认申请并设置好以上资源，并做以下的初始化

数据库的初始化，使用sql文件
确认你的mysql server使用了utf8mb4编码
准备好mysql的连接串，连接串示例如下：
1. mysql://root:[email protected]:3500/guldandb?charset=utf8mb4
kafka申请好topic的名字和consumer group的名字
1. 如果你的kafka管理员不允许自动创建topic，还请先创建好你的topic
确认好kafka的版本号
选择好guldan生成用户hash所需要的盐，它是一个任意长度的字符串，越随机越好
确认好guldan的日志输出目录，提前创建好
确认好guldan在主机上可以监听的端口

guldan web 部署

确认好以上信息之后，就可以在config.py中将配置填入AppConfig中。

db_master, mysql master的连接串
db_slave， mysql slave的连接串
protocol, uwsgi运行的协议，socket或者http，生产上推荐使用socket
port，guldan的端口
redis_url， redis的连接串
metrics_url，监控地址，这里是influxdb的udp地址，不用可以设置为unset
kafka_zk， kafka zookeeper的地址
kafka_brokers， kafka的broker地址
kafka_item_grey_topic，kafka topic的名字
kafka_version， kafka的版本号
salt，用户名密码加密所使用到的盐，任意字符串

在确认了以上配置后，将它们放入到环境变量中，

bash export db_master=xxx export db_slave=xxx ....

之后再运行

bash cd guldan_root /path/to/your/venv/bin/python guldan_start.py

guldan async 部署

guldan async是为了接收guldan web发的异步消息来设计的，主要是kafka的消费者

需要的配置如下

redis_url， redis连接串
metrics_url，监控地址，这里是influxdb的udp地址，不用可以设置为unset
kafka_brokers，kafka的broker地址
kafka_zk， kafka zookeeper的地址
kafka_item_grey_topic， kafka topic的名字
kafka_consumer_group_name， kafka的consumer group的名字
kafka_version，kafka的版本号

拿到上面的配置之后，还请把这些配置放入到环境变量中

bash export redis_url=xxx export metrics_url=xxx ....

然后执行下面的命令

bash cd guldan_root /path/to/your/venv/bin/python async_consumer/async_consumer.py

guldan docker 部署

docker 环境准备

docker安装

可以参考下面的链接进行docker的安装

https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/

docker-compose安装

对于ubuntu，可以采用下面的方式安装docker-compose

bash sudo curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose 1. 确认自己拥有docker命令的执行权限，如果没有，还请联系你的系统管理员，让他把你的用户名加入的docker用户组下。

guldan docker base

guldan docker的base镜像，主要是用来安装guldan的依赖的其它的软件包。因为在开发过程中，guldan的依赖的软件包不会有太大的变化，而且安装依赖软件包也是一个耗时的过程。

base镜像生成使用下面的命令

bash cd guldan_root docker build -f dockers/Dockerfile -t guldan_base:latest dockers

guldan web docker

web镜像主要是启动guldan web服务的，使用如下命令生成guldan web镜像，你可以根据自己公司的policy更改生成镜像的tag。

bash cd guldan_root docker build -t guldan_web:latest . guldan web的上线，同样需要设置容器的环境变量，配置项同guldan web部署中提到的配置

bash docker run -d -e db_master=xxx -e db_slave=xxx -e other configs guldan_web:latest

guldan async docker

跟guldan web docker一样，guldan async docker也是依赖guldan base镜像的

bash cd guldan_root docker build -t guldan_async:latest async_consumer

启动时的环境变量，也请参考上面的guldan async 部署

bash docker run -d -e redis_url=xxx -e .... guldan_async:latest

guldan开发

guldan的整个开发环境也是基于docker的，如果你还没有docker，还请参见上面的docker 环境准备.

在项目中提供了guldan_setup.py供开发者使用，具体的说明可以见guldan_setup.py -h 该命令会以docker的形式启动guldan依赖，以及guldan_web和guldan_async。成功setup之后，他启动了以下6个容器

mysql
redis
zookeeper
kafka
guldan_web
guldan_sync

跟guldan_setup.py配合使用的是guldan_options.yml文件，该文件中定义了guldan所需要的一些参数，开发者可以根据自己的需要进行修改。

用户需要将其中的127.0.0.1替换成自己的开发机器地址，

启动guldan

bash python guldan_setup.py run --guldan-port=8080 --guldan-option-file="./guldan_options.yml"

删除guldan环境

bash python guldan_setup.py down

该命令会将启动的docker镜像停止并删除

guldan web reload

如果guldan web的代码有改动，可以使用reload guldan；由于在开发环境，guldan是以默认的bridge模式启动的，所以下面的启动参数guldan-port是主机上guldan映射的端口。

bash python guldan_setup.py reload guldan --guldan-port=8080 --guldan-option-file="./guldan_options.yml"

guldan async reload

如果guldan async的代码有改动，可以使用reload guldan_async

bash python guldan_setup.py reload guldan_async --guldan-option-file="./guldan_options.yml"

guldan调试启动

如果你觉得在容器中，对guldan的调试不太方便，还可以使用一下默认启动guldan

python方式
- 因为guldan采用了flask，所以可以是直接使用python guldan.py的方式进行启动
- 由于flask的这种启动方式使用了werkzeug.serving包的run_simple方法，所以该方式不适合在生产上启动服务，仅用作调试使用
- 这种启动方式默认使用config.py中所定义的一些默认配置项，你需要将guldan的依赖的一些配置放入到这个文件中
uwsigi方式
- 同上，你需要将guldan依赖的配置在config.py中填好
- 使用uwsgi的方式进行启动，uwsgi guldan_uwsgi_deploy.ini
- 因为python的启动方式效率比较低，采用这种方式可以方便前端开发

Issues

Bump certifi from 2017.11.5 to 2022.12.7 in /async_consumer

opened on 2022-12-07 23:43:23 by dependabot[bot]

Bumps certifi from 2017.11.5 to 2022.12.7.

Commits

9e9e840 2022.12.07
b81bdb2 2022.09.24
939a28f 2022.09.14
aca828a 2022.06.15.2
de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
b8eb5e9 2022.06.15.1
47fb7ab Fix deprecation warning on Python 3.11 (#199)
b0b48e0 fixes #198 -- update link in license
9d514b4 2022.06.15
4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TouchPal/guldan/network/alerts).

Bump ipython from 5.3.0 to 7.16.3 in /dockers

opened on 2022-01-21 18:56:18 by dependabot[bot]

Bumps ipython from 5.3.0 to 7.16.3.

Commits

d43c7c7 release 7.16.3
5fa1e40 Merge pull request from GHSA-pq7m-3gw7-gq5x
8df8971 back to dev
9f477b7 release 7.16.2
138f266 bring back release helper from master branch
5aa3634 Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...
bcae8e0 Backport PR #13335: What's new 7.16.2
8fcdcd3 Pin Jedi to <0.17.2.
2486838 release 7.16.1
20bdc6f fix conda build
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump urllib3 from 1.22 to 1.26.5 in /async_consumer

opened on 2021-06-01 21:41:09 by dependabot[bot]

Bumps urllib3 from 1.22 to 1.26.5.

Release notes

Sourced from urllib3's releases.

1.26.5

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed deprecation warnings emitted in Python 3.10.

Updated vendored six library to 1.16.0.

Improved performance of URL parser when splitting the authority component.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.4

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.3

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed bytes and string comparison issue with headers (Pull #2141)

Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.2

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002) Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail

Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS, Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...) (Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed

... (truncated)

Changelog

Sourced from urllib3's changelog.

1.26.5 (2021-05-26)

Fixed deprecation warnings emitted in Python 3.10.

Updated vendored six library to 1.16.0.

Improved performance of URL parser when splitting the authority component.

1.26.4 (2021-03-15)

Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

1.26.3 (2021-01-26)

Fixed bytes and string comparison issue with headers (Pull #2141)

Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

1.26.2 (2020-11-12)

Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1 (2020-11-11)

Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0 (2020-11-10)

NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.

Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning

... (truncated)

Commits

d161647 Release 1.26.5
2d4a3fe Improve performance of sub-authority splitting in URL
2698537 Update vendored six to 1.16.0
07bed79 Fix deprecation warnings for Python 3.10 ssl module
d725a9b Add Python 3.10 to GitHub Actions
339ad34 Use pytest==6.2.4 on Python 3.10+
f271c9c Apply latest Black formatting
1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
a891304 Release 1.26.4
8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump pygments from 2.2.0 to 2.7.4

opened on 2021-03-29 17:03:05 by dependabot[bot]

Bumps pygments from 2.2.0 to 2.7.4.

Release notes

Sourced from pygments's releases.

2.7.4

Updated lexers:

Apache configurations: Improve handling of malformed tags (#1656)

CSS: Add support for variables (#1633, #1666)

Crystal (#1650, #1670)

Coq (#1648)

Fortran: Add missing keywords (#1635, #1665)

Ini (#1624)

JavaScript and variants (#1647 -- missing regex flags, #1651)

Markdown (#1623, #1617)

Shell

Lex trailing whitespace as part of the prompt (#1645)

Add missing in keyword (#1652)

SQL - Fix keywords (#1668)

Typescript: Fix incorrect punctuation handling (#1510, #1511)

Fix infinite loop in SML lexer (#1625)

Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

Limit recursion with nesting Ruby heredocs (#1638)

Fix a few inefficient regexes for guessing lexers

Fix the raw token lexer handling of Unicode (#1616)

Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

2.7.3

Updated lexers:

Ada (#1581)

HTML (#1615, #1614)

Java (#1594, #1586)

JavaScript (#1605, #1589, #1588)

JSON (#1569 -- this is a complete rewrite)

Lean (#1601)

LLVM (#1612)

Mason (#1592)

MySQL (#1555, #1551)

Rust (#1608)

Turtle (#1590, #1553)

Deprecated JsonBareObjectLexer, which is now identical to JsonLexer (#1600)

The ImgFormatter now calculates the exact character width, which fixes some issues with overlapping text (#1213, #1611)

... (truncated)

Changelog

Sourced from pygments's changelog.

Version 2.7.4

(released January 12, 2021)

Updated lexers:

Apache configurations: Improve handling of malformed tags (#1656)

CSS: Add support for variables (#1633, #1666)

Crystal (#1650, #1670)

Coq (#1648)

Fortran: Add missing keywords (#1635, #1665)

Ini (#1624)

JavaScript and variants (#1647 -- missing regex flags, #1651)

Markdown (#1623, #1617)

Shell

Lex trailing whitespace as part of the prompt (#1645)

Add missing in keyword (#1652)

SQL - Fix keywords (#1668)

Typescript: Fix incorrect punctuation handling (#1510, #1511)

Fix infinite loop in SML lexer (#1625)

Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

Limit recursion with nesting Ruby heredocs (#1638)

Fix a few inefficient regexes for guessing lexers

Fix the raw token lexer handling of Unicode (#1616)

Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

Version 2.7.3

(released December 6, 2020)

Updated lexers:

Ada (#1581)

HTML (#1615, #1614)

Java (#1594, #1586)

JavaScript (#1605, #1589, #1588)

JSON (#1569 -- this is a complete rewrite)

Lean (#1601)

LLVM (#1612)

Mason (#1592)

... (truncated)

Commits

4d555d0 Bump version to 2.7.4.
fc3b05d Update CHANGES.
ad21935 Revert "Added dracula theme style (#1636)"
e411506 Prepare for 2.7.4 release.
275e34d doc: remove Perl 6 ref
2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
eb39c43 xquery: fix pop from empty stack
2738778 fix coding style in test_analyzer_lexer
02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
c83fe48 support added for css variables (#1633)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump pygments from 2.2.0 to 2.7.4 in /dockers

opened on 2021-03-29 16:44:32 by dependabot[bot]

Bumps pygments from 2.2.0 to 2.7.4.

Release notes

Sourced from pygments's releases.

2.7.4

Updated lexers:

Apache configurations: Improve handling of malformed tags (#1656)

CSS: Add support for variables (#1633, #1666)

Crystal (#1650, #1670)

Coq (#1648)

Fortran: Add missing keywords (#1635, #1665)

Ini (#1624)

JavaScript and variants (#1647 -- missing regex flags, #1651)

Markdown (#1623, #1617)

Shell

Lex trailing whitespace as part of the prompt (#1645)

Add missing in keyword (#1652)

SQL - Fix keywords (#1668)

Typescript: Fix incorrect punctuation handling (#1510, #1511)

Fix infinite loop in SML lexer (#1625)

Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

Limit recursion with nesting Ruby heredocs (#1638)

Fix a few inefficient regexes for guessing lexers

Fix the raw token lexer handling of Unicode (#1616)

Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

2.7.3

Updated lexers:

Ada (#1581)

HTML (#1615, #1614)

Java (#1594, #1586)

JavaScript (#1605, #1589, #1588)

JSON (#1569 -- this is a complete rewrite)

Lean (#1601)

LLVM (#1612)

Mason (#1592)

MySQL (#1555, #1551)

Rust (#1608)

Turtle (#1590, #1553)

Deprecated JsonBareObjectLexer, which is now identical to JsonLexer (#1600)

The ImgFormatter now calculates the exact character width, which fixes some issues with overlapping text (#1213, #1611)

... (truncated)

Changelog

Sourced from pygments's changelog.

Version 2.7.4

(released January 12, 2021)

Updated lexers:

Apache configurations: Improve handling of malformed tags (#1656)

CSS: Add support for variables (#1633, #1666)

Crystal (#1650, #1670)

Coq (#1648)

Fortran: Add missing keywords (#1635, #1665)

Ini (#1624)

JavaScript and variants (#1647 -- missing regex flags, #1651)

Markdown (#1623, #1617)

Shell

Lex trailing whitespace as part of the prompt (#1645)

Add missing in keyword (#1652)

SQL - Fix keywords (#1668)

Typescript: Fix incorrect punctuation handling (#1510, #1511)

Fix infinite loop in SML lexer (#1625)

Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

Limit recursion with nesting Ruby heredocs (#1638)

Fix a few inefficient regexes for guessing lexers

Fix the raw token lexer handling of Unicode (#1616)

Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

Version 2.7.3

(released December 6, 2020)

Updated lexers:

Ada (#1581)

HTML (#1615, #1614)

Java (#1594, #1586)

JavaScript (#1605, #1589, #1588)

JSON (#1569 -- this is a complete rewrite)

Lean (#1601)

LLVM (#1612)

Mason (#1592)

... (truncated)

Commits

4d555d0 Bump version to 2.7.4.
fc3b05d Update CHANGES.
ad21935 Revert "Added dracula theme style (#1636)"
e411506 Prepare for 2.7.4 release.
275e34d doc: remove Perl 6 ref
2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
eb39c43 xquery: fix pop from empty stack
2738778 fix coding style in test_analyzer_lexer
02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
c83fe48 support added for css variables (#1633)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump pyyaml from 3.12 to 5.4

opened on 2021-03-25 21:40:57 by dependabot[bot]

Bumps pyyaml from 3.12 to 5.4.

Changelog

Sourced from pyyaml's changelog.

5.4 (2021-01-19)

yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA

yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader

yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup

yaml/pyyaml#392 -- Fix py2 copy support for timezone objects

yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

yaml/pyyaml#290 -- Use is instead of equality for comparing with None

yaml/pyyaml#270 -- Fix typos and stylistic nit

yaml/pyyaml#309 -- Fix up small typo

yaml/pyyaml#161 -- Fix handling of slots

yaml/pyyaml#358 -- Allow calling add_multi_constructor with None

yaml/pyyaml#285 -- Add use of safe_load() function in README

yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff

yaml/pyyaml#359 -- Use full_load in yaml-highlight example

yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython

yaml/pyyaml#329 -- Fix for Python 3.10

yaml/pyyaml#310 -- Increase size of index, line, and column fields

yaml/pyyaml#260 -- Remove some unused imports

yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such

yaml/pyyaml#363 -- Add tests for timezone

5.2 (2019-12-02)

Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default yaml/pyyaml#279 -- A more flexible fix for custom tag constructors yaml/pyyaml#287 -- Change default loader for yaml.add_constructor yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver

Make FullLoader safer by removing python/object/apply from the default FullLoader yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor

Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff yaml/pyyaml#276 -- Fix logic for quoting special characters

Other PRs: yaml/pyyaml#280 -- Update CHANGES for 5.1

5.1.2 (2019-07-30)

Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

... (truncated)

Commits

58d0cb7 5.4 release
a60f7a1 Fix compatibility with Jython
ee98abd Run CI on PR base branch changes
ddf2033 constructor.timezone: _copy & deepcopy
fc914d5 Avoid repeatedly appending to yaml_implicit_resolvers
a001f27 Fix for CVE-2020-14343
fe15062 Add 3.9 to appveyor file for completeness sake
1e1c7fb Add a newline character to end of pyproject.toml
0b6b7d6 Start sentences and phrases for capital letters
c976915 Shell code improvements
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Shanghai Chule(CooTek) Technology Information Co., Ltd.

GitHub Repository