deps(deps): Bump the python-patch group across 1 directory with 3 updates #9

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/python-patch-ab35549065

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Bumps the python-patch group with 3 updates in the / directory: striprtf, rapidfuzz and py7zr.

Updates striprtf from 0.0.29 to 0.0.32

Release notes

Sourced from striprtf's releases.

new release v0.0.32

No release notes provided.

new release

Fixes #66

new release

Fixed joshy/striprtf#63

Changelog

Sourced from striprtf's changelog.

v0.0.32 - 27.04.206

  • Wrong _version file

v0.0.31 - 23.04.206

  • Accidentally added twine as runtime dependency

v0.0.30 - 23.04.206

Commits

Updates rapidfuzz from 3.14.3 to 3.14.5

Release notes

Sourced from rapidfuzz's releases.

Release 3.14.5

Fixed

  • fix release ci attempting to upload a pyodide wheel

Release 3.14.4

Added

  • add risc64 wheels
  • add support for taskflow 4.0.0

Changed

  • upgrade to Cython==3.2.4.

Fixed

  • fix type hints for extractOne when no score_cutoff is provided

Changelog

Sourced from rapidfuzz's changelog.

Changelog

[3.14.5] - 2026-08-07

Fixed

  • fix release ci attempting to upload a pyodide wheel

[3.14.4] - 2026-04-06

Added

  • add risc64 wheels
  • add support for taskflow 4.0.0

Changed

  • upgrade to Cython==3.2.4.

Fixed

  • fix type hints for extractOne when no score_cutoff is provided

[3.14.3] - 2025-11-01

Fixed

  • add missing pypy and freethreaded linux wheels

Removed

  • drop s390x and ppc64le wheels since they are virtually unused and require extremely long to build under emulation

[3.14.2] - 2025-10-30

Changed

  • upgrade to Cython==3.1.6
  • enable free threading

[3.14.1] - 2025-09-08

Fixed

  • Fully disable line tracing in release builds

[3.14.0] - 2025-08-27

Changed

... (truncated)

Commits
  • edf9f3c fix release ci
  • 3d8470b enable verbose publish
  • 7fd4ee2 Bump the github-actions group across 1 directory with 3 updates
  • 9691cf1 tag release
  • fd16748 ci: switch riscv64 from QEMU to native RISE runner
  • 7f7d58b ci: add riscv64 wheel builds via QEMU
  • f4b5694 Bump pypa/cibuildwheel from 3.3.1 to 3.4.0 in the github-actions group
  • f2873ce Bump the github-actions group across 1 directory with 3 updates
  • 4e48509 support Taskflow 4.0.0
  • 7048039 Bump the github-actions group across 1 directory with 4 updates
  • Additional commits viewable in compare view

Updates py7zr from 1.1.0 to 1.1.3

Release notes

Sourced from py7zr's releases.

Release version 1.1.3: Fix multiple vulnerabilities

  • CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity)
    • Harden check of path traversal and enhance test cases to reproduce many attack scenarios.
  • CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in py7zr
    • Enforced variation of the parameter with a limit and optimized calculation algorithm to prevent excessive CPU consumption.
  • CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of service via unchecked extraction size
    • Added check of extraction size and introduced max_extract_size as constructor parameter to guard against excessive decompression.

Update path sanitize

No release notes provided.

Changelog

Sourced from py7zr's changelog.

v1.1.3_

Security

  • CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity)
    • Harden check of path traversal and enhance test cases to reproduce many attack scenarios.
  • CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in py7zr
    • Enforced variation of the parameter with a limit and optimized calculation algorithm to prevent excessive CPU consumption.
  • CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of service via unchecked extraction size
    • Added check of extraction size and introduced max_extract_size as constructor parameter to guard against excessive decompression.

Notes:

  • Fixed three security vulnerabilities in the py7zr library.
  • Improvements made include path traversal hardening, optimization of CPU-intensive algorithms, and protection against zip bombs.

Fixed

  • BufferError when calling Py7zBytesIO.size() (#736,#737)
  • fix: extractall() raises TypeError: int() argument must be a string, a bytes-like object or a real number, not 'NoneType' (#734,#735)

Changed

  • feat(io): add Py7zIO.close() lifecycle hook called once per extracted file (#699,#732)
  • test: Bump dependency libarchive@3.8.7
  • ci: bump numerous actions with SHA256 hash and newer versions (#729,#730)

v1.1.2_

Security

  • security: fix Zip-Slip vulnerability by symlink

Removed

  • Remove Code of Conduct from repository.

Changed

  • remove unused _lzma imports

v1.1.1_

Fixed

  • fix: default unix file attributes with proper permissions (#705)

... (truncated)

Commits
  • e278bc0 Release v1.1.3: Multiple security fixes
  • e4a225b docs: update authors and changelog with recent contributions and security fixes
  • 94db766 Merge commit from fork
  • d9ee25c Merge commit from fork
  • c1c8001 Merge commit from fork
  • 7e03185 Merge pull request #732 from SAY-5/feat/issue-699-py7zio-close
  • 2de71fb Merge pull request #735 from gaoflow/fix-734-missing-lastwritetime
  • f429952 Merge branch 'master' into fork/SAY-5/feat/issue-699-py7zio-close
  • b181a4b Merge branch 'master' into fork/gaoflow/fix-734-missing-lastwritetime
  • 1534b3f Merge pull request #737 from miurahr/topic/miurahr/fix-pypy-getbuffer
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
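
A caller-side counterpart to the py7zr 1.1.3 security fixes listed in the release notes above, as an added example that is not py7zr's code and not part of this pull request: it audits an archive listing for path traversal, symlink escapes and an oversized declared total before anything is written. `Member`, `audit` and the sample listing are hypothetical names and constructed data.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

@dataclass(frozen=True)
class Member:
    """Hypothetical stand-in for one archive entry's header metadata."""
    name: str
    size: int                          # declared uncompressed size, bytes
    link_target: Optional[str] = None  # set when the entry is a symlink

def _absolute(path: str) -> bool:
    # POSIX root, Windows root, drive letter or UNC share all count as absolute.
    return path.replace("\\", "/").startswith("/") or bool(PureWindowsPath(path).drive)

def _parts(path: str) -> List[str]:
    return [p for p in path.replace("\\", "/").split("/") if p not in ("", ".")]

def _climbs(parts: List[str]) -> bool:
    depth = 0  # directory levels below the extraction root
    for part in parts:
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True
    return False

def audit(members: List[Member], max_total: int) -> List[str]:
    """Return reasons to refuse extraction; an empty list means no finding."""
    findings, total, links = [], 0, set()
    for m in members:
        parts = _parts(m.name)
        if _absolute(m.name) or _climbs(parts):
            findings.append(f"{m.name}: path leaves the destination")
        if any("/".join(parts[:i]) in links for i in range(1, len(parts))):
            findings.append(f"{m.name}: written through an archived symlink")
        if m.link_target is not None:
            links.add("/".join(parts))
            if _absolute(m.link_target) or _climbs(parts[:-1] + _parts(m.link_target)):
                findings.append(f"{m.name}: symlink points outside the destination")
        total += max(m.size, 0)
        if total > max_total:  # declared sizes can lie: also count bytes while writing
            findings.append(f"{m.name}: declared size exceeds {max_total}-byte budget")
            break
    return findings

# Constructed sample listing, not taken from any real archive.
SAMPLE = [Member("docs/readme.txt", 1_200), Member("../outside.txt", 80),
          Member("docs/cache", 0, link_target="../../outside"),
          Member("docs/cache/payload.bin", 10), Member("data/blob.bin", 8 * 1024**3)]
print("\n".join(audit(SAMPLE, max_total=1024**3)))
```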

…ates

Bumps the python-patch group with 3 updates in the / directory: [striprtf](https://github.com/joshy/striprtf), [rapidfuzz](https://github.com/rapidfuzz/RapidFuzz) and [py7zr](https://github.com/miurahr/py7zr).


Updates `striprtf` from 0.0.29 to 0.0.32
- [Release notes](https://github.com/joshy/striprtf/releases)
- [Changelog](https://github.com/joshy/striprtf/blob/master/CHANGELOG.md)
- [Commits](joshy/striprtf@v0.0.29...v0.0.32)

Updates `rapidfuzz` from 3.14.3 to 3.14.5
- [Release notes](https://github.com/rapidfuzz/RapidFuzz/releases)
- [Changelog](https://github.com/rapidfuzz/RapidFuzz/blob/main/CHANGELOG.rst)
- [Commits](rapidfuzz/RapidFuzz@v3.14.3...v3.14.5)

Updates `py7zr` from 1.1.0 to 1.1.3
- [Release notes](https://github.com/miurahr/py7zr/releases)
- [Changelog](https://github.com/miurahr/py7zr/blob/master/docs/Changelog.rst)
- [Commits](miurahr/py7zr@v1.1.0...v1.1.3)

---
updated-dependencies:
- dependency-name: striprtf
  dependency-version: 0.0.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-patch
- dependency-name: rapidfuzz
  dependency-version: 3.14.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-patch
- dependency-name: py7zr
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Jul 1, 2026

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

exbuf added a commit that referenced this pull request Jul 2, 2026
adopters see themselves first; drop artificial "Home user"
identity segregation

The list opened with **Home user** (least likely PyPI/GitHub
discoverer) and buried the technical roles most likely to reach
peekdocs through Python-packaging channels at positions #10–12
(AI/ML engineer, Engineer, Developer / programmer). A first-time
visitor arriving from a GitHub search for "python document
search cli" scrolled past four non-technical bullets before
seeing themselves.

Also, having **Home user** as one bullet among "Office worker /
Developer / Sysadmin" implicitly framed the other 12 bullets as
NOT home users — contradicting the "entirely on your own
computer" opening. peekdocs is local-only; every user IS a
home user.

**Reordered** so tech-heavy adopters land at the top:

  1. Developer / programmer     (was #12)
  2. Sysadmin                   (was #6)
  3. AI/ML engineer             (was #10)
  4. IT consultant              (was #4, expanded)
  5. Data researcher            (was #9)
  6. Engineer                   (was #11)
  7. Documentation team         (was #7)
  8. Auditor or review          (was #5)
  9. Researcher                 (was #8)
  10. Small business owner      (was #3, absorbed the Home-user
                                 tax-search scenario as a
                                 "Personal side" note)
  11. Office worker             (was #2)

**Dropped two bullets:**

  - **Home user** — the "everybody is a home user" framing now
    lives in the section's opening paragraph ("entirely on your
    own computer"), applying to every bullet rather than being
    one bullet's identity. The tax-search scenario is folded
    into Small business owner as a "Personal side" note so no
    concrete example is lost.

  - **Email archives** — was a file type, not a role. Odd one
    out in a role-shaped list. Already covered by the intro's
    file-type enumeration (Word, PDF, Excel, email, scanned
    documents, archives, and 100+ more).

**Enhanced two one-liners:**

  - **Sysadmin** was "Search 20 GB of log files for a request ID
    across mixed archives." Added the `.gz`/`.bz2`/`.zip`/`.tar`
    detail (read natively without unpacking) and the --watch
    NDJSON streaming detail for pipeline integration.

  - **IT consultant** was "Search a folder of client documents
    for a set of terms." Added the standalone-binary-on-USB
    workflow (--output-dir back to the USB, --no-index for zero
    artifacts) and a cross-link to the Portable / consulting
    use section added earlier this session (fc9fd98).

All other bullets keep their descriptions verbatim — only their
position in the list changed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>