Performance History
Latest Results
Reject text after closing bracket in IP-literal authorities
Per RFC 3986 ยง3.2.2, after the closing ']' of an IP-literal only
':' <port> or end-of-authority is valid. Previously yarl silently
accepted and normalized URLs like 'http://[::1]allowed.example:1/'
to 'http://[::1]:1/', dropping the trailing suffix and changing the
effective host identity.
The fix adds validation in split_url() (primary gate) and
defense-in-depth in split_netloc() for direct callers.
rodrigobnogueira:fix/reject-text-after-ipv6-bracket
3 hours ago
Merge branch 'maintenance/funding-sync'
master
12 hours ago
Merge branch 'maintenance/funding-sync'
master
2 days ago
Merge branch 'maintenance/funding-sync'
master
3 days ago
Bump test-summary/action from 2.4 to 2.6
Bumps [test-summary/action](https://github.com/test-summary/action) from 2.4 to 2.6.
- [Release notes](https://github.com/test-summary/action/releases)
- [Commits](https://github.com/test-summary/action/compare/v2.4...v2.6)
---
updated-dependencies:
- dependency-name: test-summary/action
dependency-version: '2.6'
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot/github_actions/test-summary/action-2.6
3 days ago
Merge branch 'maintenance/funding-sync'
master
4 days ago
๐ฐ Add Tidelift to the FUNDING config
webknjaz:maintenance/funding-sync
4 days ago
Merge branch 'maintenance/funding-sync'
master
4 days ago
Latest Branches
0%
3 hours ago
b5e7103
rodrigobnogueira:fix/reject-text-after-ipv6-bracket
0%
3 days ago
f1df0b1
dependabot/github_actions/test-summary/action-2.6
0%
4 days ago
6efe6f6
webknjaz:maintenance/funding-sync