This repository has been archived by the owner on May 1, 2023. It is now read-only.
Releases: facebookarchive/profilo
Releases · facebookarchive/profilo
release-c5c73642: Bump follow-redirects from 1.14.7 to 1.14.8 in /website (#105)
Summary: Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.14.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/3d81dc3237b4ffe8b722bb3d1c70a7866657166e"><code>3d81dc3</code></a> Release version 1.14.8 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445"><code>62e546a</code></a> Drop confidential headers across schemes.</li> <li>See full diff in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot merge` will merge this PR after your CI passes on it - `dependabot squash and merge` will squash and merge this PR after your CI passes on it - `dependabot cancel merge` will cancel a previously requested merge and block automerging - `dependabot reopen` will reopen this PR if it is closed - `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebookincubator/profilo/network/alerts). </details> Pull Request resolved: https://github.com/facebookincubator/profilo/pull/105 Reviewed By: yukonfb Differential Revision: D34458438 Pulled By: aandreyeu fbshipit-source-id: c2a0e5ab0746d40c3cd2f45bac6f538f812a7709
release-c42c7f13: Bump url-parse from 1.5.3 to 1.5.7 in /website (#106)
Summary: Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.3 to 1.5.7. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/unshiftio/url-parse/commit/8b3f5f2c88a4cfc2880f2319c307994cb25bb10a"><code>8b3f5f2</code></a> 1.5.7</li> <li><a href="https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788"><code>ef45a13</code></a> [fix] Readd the empty userinfo to <code>url.href</code> (<a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/226">#226</a>)</li> <li><a href="https://github.com/unshiftio/url-parse/commit/88df2346855f70cec9713b362ca32a4691dc271a"><code>88df234</code></a> [doc] Add soft deprecation notice</li> <li><a href="https://github.com/unshiftio/url-parse/commit/78e9f2f41285d83e7d91706be5bd439656fe3bc3"><code>78e9f2f</code></a> [security] Fix nits</li> <li><a href="https://github.com/unshiftio/url-parse/commit/e6fa43422c52f34c73146552ec9916125dc59525"><code>e6fa434</code></a> [security] Add credits for incorrect handling of userinfo vulnerability</li> <li><a href="https://github.com/unshiftio/url-parse/commit/4c9fa234c01dca52698666378360ad2fdfb05470"><code>4c9fa23</code></a> 1.5.6</li> <li><a href="https://github.com/unshiftio/url-parse/commit/7b0b8a6671f806458e88b1f44feb0fdd742cdf06"><code>7b0b8a6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/223">#223</a> from unshiftio/fix/at-sign-handling-in-userinfo</li> <li><a href="https://github.com/unshiftio/url-parse/commit/e4a5807d95b971577e4d888f5b99d64a40851386"><code>e4a5807</code></a> 1.5.5</li> <li><a href="https://github.com/unshiftio/url-parse/commit/193b44baf3d203560735e05eedc99d8244c9e16c"><code>193b44b</code></a> [minor] Simplify whitespace regex</li> <li><a href="https://github.com/unshiftio/url-parse/commit/319851bf1c294796fc73e29ff31b14d9084e4a0d"><code>319851b</code></a> [fix] Remove CR, HT, and LF</li> <li>Additional commits viewable in <a href="https://github.com/unshiftio/url-parse/compare/1.5.3...1.5.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot merge` will merge this PR after your CI passes on it - `dependabot squash and merge` will squash and merge this PR after your CI passes on it - `dependabot cancel merge` will cancel a previously requested merge and block automerging - `dependabot reopen` will reopen this PR if it is closed - `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebookincubator/profilo/network/alerts). </details> Pull Request resolved: https://github.com/facebookincubator/profilo/pull/106 Reviewed By: yukonfb Differential Revision: D34407865 Pulled By: aandreyeu fbshipit-source-id: 1ebc3fc3ed72dfa6b736e3c9d1d35c06689f3793
release-3b74e707: address path traversal vulnerability
Summary: Address vulnerability task as per the suggested fix. Also address a bug in the previously reverted diff D33633205 (https://github.com/facebookincubator/profilo/commit/62b922a1a4c7530c2dc9b4e6a34d48cb20b8f355), by comparing canonical path substrings instead of the directory name. Reviewed By: yanivsb Differential Revision: D34415536 fbshipit-source-id: 60d8edea45d0b80429c5e008182e9abf951e137f
release-3ca8b89c: Move/improve comment for ensure_symbols
Summary: Move function comment to header file. Rename some params as a side bonus, new param names avoid any confusions with 🚢 s or any other unsavory connotations lol... Reviewed By: agampe Differential Revision: D34016879 fbshipit-source-id: 9e8327e94eea6dc91e877c8387d4beb3becd822f
release-2157ed75: Parameter to control partial stacks logging
Differential Revision: D34159177 fbshipit-source-id: 8b9df5a62190794efd1e01ddbdae456c0035a6bb
release-1e8c7e65: Partial stacks logging for debugging
Differential Revision: D34152727 fbshipit-source-id: 6c406550f7987d30eea0393673faf1e35864332e
release-d3a275d0: Upload Quota Mechanism removal
Reviewed By: yukonfb Differential Revision: D33833423 fbshipit-source-id: 3c3f687877ede50615fc12bc5bf4b68c971dab08
release-3773cce0: Update fmt to 8.1.1
Summary: This is a resubmit of D33713304 (https://github.com/facebookincubator/profilo/commit/c2430027a0f02d21012c77cdb57906c144c47f97) which was reverted because of a build issue in caffe2 (fixed in D33864790). Reviewed By: capickett Differential Revision: D33864886 fbshipit-source-id: 109de1cd520ae080b53fb52b8ea500cf1c523705
release-32403a3b: Bump numpy from 1.14.0 to 1.21.0 in /python (#103)
Summary: Bumps [numpy](https://github.com/numpy/numpy) from 1.14.0 to 1.21.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/numpy/numpy/releases">numpy's releases</a>.</em></p> <blockquote> <h2>v1.21.0</h2> <h1>NumPy 1.21.0 Release Notes</h1> <p>The NumPy 1.21.0 release highlights are</p> <ul> <li>continued SIMD work covering more functions and platforms,</li> <li>initial work on the new dtype infrastructure and casting,</li> <li>universal2 wheels for Python 3.8 and Python 3.9 on Mac,</li> <li>improved documentation,</li> <li>improved annotations,</li> <li>new <code>PCG64DXSM</code> bitgenerator for random numbers.</li> </ul> <p>In addition there are the usual large number of bug fixes and other improvements.</p> <p>The Python versions supported for this release are 3.7-3.9. Official support for Python 3.10 will be added when it is released.</p> <p>:warning: Warning: there are unresolved problems compiling NumPy 1.21.0 with gcc-11.1 .</p> <ul> <li>Optimization level <code>-O3</code> results in many wrong warnings when running the tests.</li> <li>On some hardware NumPy will hang in an infinite loop.</li> </ul> <h2>New functions</h2> <h3>Add PCG64DXSM BitGenerator</h3> <p>Uses of the PCG64 BitGenerator in a massively-parallel context have been shown to have statistical weaknesses that were not apparent at the first release in numpy 1.17. Most users will never observe this weakness and are safe to continue to use PCG64. We have introduced a new PCG64DXSM BitGenerator that will eventually become the new default BitGenerator implementation used by <code>default_rng</code> in future releases. PCG64DXSM solves the statistical weakness while preserving the performance and the features of PCG64.</p> <p>See <code>upgrading-pcg64</code> for more details.</p> <p>(<a href="https://github-redirect.dependabot.com/numpy/numpy/pull/18906">gh-18906</a>)</p> <h2>Expired deprecations</h2> <ul> <li>The <code>shape</code> argument <code>numpy.unravel_index</code> cannot be passed as <code>dims</code> keyword argument anymore. (Was deprecated in NumPy 1.16.)</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/numpy/numpy/commit/b235f9e701e14ed6f6f6dcba885f7986a833743f"><code>b235f9e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/numpy/numpy/issues/19283">#19283</a> from charris/prepare-1.21.0-release</li> <li><a href="https://github.com/numpy/numpy/commit/34aebc2824cf8c2bdbe19040b82f98f18557c8ba"><code>34aebc2</code></a> MAINT: Update 1.21.0-notes.rst</li> <li><a href="https://github.com/numpy/numpy/commit/493b64bfe9c5396498325b87e5e80e1917555c41"><code>493b64b</code></a> MAINT: Update 1.21.0-changelog.rst</li> <li><a href="https://github.com/numpy/numpy/commit/07d7e72ab6880c05b5fdd98482cf88982e778393"><code>07d7e72</code></a> MAINT: Remove accidentally created directory.</li> <li><a href="https://github.com/numpy/numpy/commit/032fca5e2e9749b152ec56153f476e05efdff287"><code>032fca5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/numpy/numpy/issues/19280">#19280</a> from charris/backport-19277</li> <li><a href="https://github.com/numpy/numpy/commit/7d25b81025a50cc0368f5727c65e875ca769469a"><code>7d25b81</code></a> BUG: Fix refcount leak in ResultType</li> <li><a href="https://github.com/numpy/numpy/commit/fa5754e8c159a37fcd9345df261cf82821088ea0"><code>fa5754e</code></a> BUG: Add missing DECREF in new path</li> <li><a href="https://github.com/numpy/numpy/commit/61127bb4d46d523b699da1b63abaa5035670da27"><code>61127bb</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/numpy/numpy/issues/19268">#19268</a> from charris/backport-19264</li> <li><a href="https://github.com/numpy/numpy/commit/143d45fff3ed9e051bdeef7bdb4df38025ea7d1c"><code>143d45f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/numpy/numpy/issues/19269">#19269</a> from charris/backport-19228</li> <li><a href="https://github.com/numpy/numpy/commit/d80e4738f781a1d206bbc04a2e863299e5f2e104"><code>d80e473</code></a> BUG: Removed typing for == and != in dtypes</li> <li>Additional commits viewable in <a href="https://github.com/numpy/numpy/compare/v1.14.0...v1.21.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot merge` will merge this PR after your CI passes on it - `dependabot squash and merge` will squash and merge this PR after your CI passes on it - `dependabot cancel merge` will cancel a previously requested merge and block automerging - `dependabot reopen` will reopen this PR if it is closed - `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebookincubator/profilo/network/alerts). </details> Pull Request resolved: https://github.com/facebookincubator/profilo/pull/103 Reviewed By: yukonfb Differential Revision: D33922169 Pulled By: aandreyeu fbshipit-source-id: c27fcd3b13b4379225fdb21c6f7284466c904842
release-c2430027: Update fmt to 8.1.1
Summary: Update fmt to 8.1.1 with minor fbcode compatibility tweaks: 1. Null C strings are formatted as "(null)" instead of throwing an exception. 2. Scoped enums are formatted as integers. 3. Disable diagnostic for objects convertible to pointers. This also required a few fixes in fbsource, mostly overspecified tests that assumed trailing ".0" in FP output that is no longer produced by default for compatibility with `std::format` / `std::to_chars`. Reviewed By: scramsby, capickett Differential Revision: D33713304 fbshipit-source-id: 1bdb91c5731d4e41b487eb242ed8b45e73ed1cae