Avatar for the aio-libs user
aio-libs
yarl
BlogDocsChangelog

Performance History

Latest Results

Reject URLs with text before bracket in host (#1654)
master
7 hours ago
Update setuptools requirement from >=47 to >=82.0.1 Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/setuptools/compare/v47.0.0...v82.0.1) --- updated-dependencies: - dependency-name: setuptools dependency-version: 82.0.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot/pip/setuptools-gte-82.0.1
1 day ago
Bump softprops/action-gh-release from 2 to 3 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot/github_actions/softprops/action-gh-release-3
1 day ago
Reject URLs with text before bracket in host (#1654)
master
1 day ago
Reject URLs with text before bracket in host (#1654)
master
2 days ago
[pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
rodrigobnogueira:fix-host-validation
2 days ago
[pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
rodrigobnogueira:fix-host-validation
2 days ago
Reject URLs with text before bracket in host Per RFC 3986, IP-literal brackets must be at the start of the host component: host = IP-literal / IPv4address / reg-name Previously, split_url() and split_netloc() would silently discard any text before '[' in the host. For example: yarl.URL('http://127.0.0.1[aa::ff]').host -> 'aa::ff' This caused yarl to silently extract and use the bracketed content, ignoring the preceding text, which can cause parsers to diverge. Fix: validate that '[' is the first character of the host portion of the netloc (after stripping userinfo@). If any text precedes the opening bracket, raise ValueError('Invalid IPv6 URL'). The reversed-brackets test case (']...[') now correctly gets caught by this earlier check rather than the content validation check.
rodrigobnogueira:fix-ssrf-bracket-bypass
2 days ago

Latest Branches

CodSpeed Performance Gauge
0%
Update setuptools requirement from >=47 to >=82.0.1#1657
1 day ago
d315ca5
dependabot/pip/setuptools-gte-82.0.1
CodSpeed Performance Gauge
0%
Bump softprops/action-gh-release from 2 to 3#1656
1 day ago
0841221
dependabot/github_actions/softprops/action-gh-release-3
CodSpeed Performance Gauge
0%
Fix host validation: IPv6 zone ID characters and NFKC percent bypass#1655
2 days ago
979a271
rodrigobnogueira:fix-host-validation
© 2026 CodSpeed Technology
Home Terms Privacy Docs