[PR #1399] [CLOSED] Bump the pip group across 1 directory with 3 updates #1401

New issue

Closed

opened 2026-03-01 14:49:38 +03:00 by kerem · 0 comments

kerem commented

2026-03-01 14:49:38 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ArchiveBox/ArchiveBox/pull/1399
Author: @dependabot[bot]
Created: 4/12/2024
Status: ❌ Closed

Base: main ← Head: dependabot/pip/pip-1fec1aadee

📝 Commits (1)

83fdf37 Bump the pip group across 1 directory with 3 updates

📊 Changes

1 file changed (+3 additions, -3 deletions)

View changed files

📝 requirements.txt (+3 -3)

📄 Description

Bumps the pip group with 3 updates in the / directory: django, idna and yt-dlp.

Updates django from 3.1.14 to 3.2.25

Commits

c98eca3 [3.2.x] Bumped version for 3.2.25 release.
072963e [3.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().
2ad2676 [3.2.x] Added release date for 3.2.25.
fc41af6 [3.2.x] Fixed #35172 -- Fixed intcomma for string floats.
b9170b4 [3.2.x] Added CVE-2024-24680 to security archive.
e5350a9 [3.2.x] Post release version bump.
f5c8808 [3.2.x] Bumped version for 3.2.24 release.
c1171ff [3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template ...
9dc3456 [3.2.x] Added stub release notes 3.2.24.
90eae45 [3.2.x] Fixed documented alias of smart_text().
Additional commits viewable in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

1d365e1 Release v3.7
c1b3154 Merge pull request #172 from kjd/optimize-contextj
0394ec7 Merge branch 'master' into optimize-contextj
cd58a23 Merge pull request #152 from elliotwutingfeng/dev
5beb28b More efficient resolution of joiner contexts
1b12148 Update ossf/scorecard-action to v2.3.1
d516b87 Update Github actions/checkout to v4
c095c75 Merge branch 'master' into dev
60a0a4c Fix typo in GitHub Actions workflow key
5918a0e Merge branch 'master' into dev
Additional commits viewable in compare view

Updates yt-dlp from 2023.12.30 to 2024.4.9

Release notes

Sourced from yt-dlp's releases.

yt-dlp 2024.04.09

A description of the various files are in the README

Important changes

Security: [CVE-2024-22423] Prevent RCE when using --exec with %q on Windows

The shell escape function now properly escapes %, \ and \n.

utils.Popen has been patched accordingly.

Core changes

Add new option --progress-delta (#9082) by Grub4K

Add new options --impersonate and --list-impersonate-targets by bashonly, coletdjnz, Grub4K, pukkandan

Add option --no-break-on-existing (#9610) by bashonly

Fix filesize_approx calculation (#9560) by pukkandan, seproDev

Infer acodec for single-codec containers by pukkandan

Prevent RCE when using --exec with %q (CVE-2024-22423) by Grub4K

cookies: Add --cookies-from-browser support for Firefox Flatpak (#9619) by un-def

utils

traverse_obj

Allow unbranching using all and any (#9571) by Grub4K

Convenience improvements (#9577) by Grub4K

Extractor changes

Add extractor impersonate API (#9474) by bashonly, Grub4K, pukkandan

afreecatv

Overhaul extractor (#9566) by bashonly, Tomoka1

live: Fix extractor (#9348) by hui1601

asobistage: Add extractor (#8735) by pzhlkj6612

box: Support URLs without file IDs (#9504) by shreyasminocha

cbc.ca: player: Support new URL format (#9561) by trainman261

crunchyroll

Extract vo_adaptive_hls formats by default (#9447) by bashonly

Fix extractor (#9615) by bytedream

dropbox: Fix formats extraction (#9627) by bashonly

fathom: Add extractor (#9495) by src-tinkerer

gofile: Fix extractor (#9446) by jazz1611

imgur: Fix extraction (#9471) by trwstin

jiosaavn

Extract artists (#9612) by bashonly

Fix format extensions (#9609) by bashonly

Support playlists (#9622) by bashonly

joqrag: Fix live status detection (#9624) by pzhlkj6612

kick: Support browser impersonation (#9611) by bashonly

loom: Add extractors (#8686) by bashonly, hruzgar

medici: Fix extractor (#9518) by Offert4324

... (truncated)

Changelog

Sourced from yt-dlp's changelog.

Changelog

2024.04.09

Important changes

Security: [CVE-2024-22423] Prevent RCE when using --exec with %q on Windows

The shell escape function now properly escapes %, \ and \n.

utils.Popen has been patched accordingly.

Core changes

Add new option --progress-delta (#9082) by Grub4K

Add new options --impersonate and --list-impersonate-targets by bashonly, coletdjnz, Grub4K, pukkandan

Add option --no-break-on-existing (#9610) by bashonly

Fix filesize_approx calculation (#9560) by pukkandan, seproDev

Infer acodec for single-codec containers by pukkandan

Prevent RCE when using --exec with %q (CVE-2024-22423) by Grub4K

cookies: Add --cookies-from-browser support for Firefox Flatpak (#9619) by un-def

utils

traverse_obj

Allow unbranching using all and any (#9571) by Grub4K

Convenience improvements (#9577) by Grub4K

Extractor changes

Add extractor impersonate API (#9474) by bashonly, Grub4K, pukkandan

afreecatv

Overhaul extractor (#9566) by bashonly, Tomoka1

live: Fix extractor (#9348) by hui1601

asobistage: Add extractor (#8735) by pzhlkj6612

box: Support URLs without file IDs (#9504) by shreyasminocha

cbc.ca: player: Support new URL format (#9561) by trainman261

crunchyroll

Extract vo_adaptive_hls formats by default (#9447) by bashonly

Fix extractor (#9615) by bytedream

dropbox: Fix formats extraction (#9627) by bashonly

fathom: Add extractor (#9495) by src-tinkerer

gofile: Fix extractor (#9446) by jazz1611

imgur: Fix extraction (#9471) by trwstin

jiosaavn

Extract artists (#9612) by bashonly

Fix format extensions (#9609) by bashonly

Support playlists (#9622) by bashonly

joqrag: Fix live status detection (#9624) by pzhlkj6612

kick: Support browser impersonation (#9611) by bashonly

loom: Add extractors (#8686) by bashonly, hruzgar

medici: Fix extractor (#9518) by Offert4324

mixch

... (truncated)

Commits

168e72d Release 2024.04.09
ff07792 [core] Prevent RCE when using --exec with %q (CVE-2024-22423)
216f6a3 [cleanup] Misc (#9426)
b19ae09 [build] Do not include curl_cffi in macos_legacy (#9653)
9590cc6 Add new option --progress-delta (#9082)
79a451e [networking] Respect SSLKEYLOGFILE environment variable (#9543)
df0e138 [docs] Various manpage fixes
2e94602 [ie/jiosaavn] Support playlists (#9622)
4af9d5c [ie/nhk] Fix NHK World extractors (#9623)
36b240f [ie/patreon] Do not extract dead embed URLs (#9613)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ArchiveBox/ArchiveBox/pull/1399 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/12/2024 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/pip/pip-1fec1aadee` --- ### 📝 Commits (1) - [`83fdf37`](https://github.com/ArchiveBox/ArchiveBox/commit/83fdf37a8c1150a8c495cdc439114a1bc9718f0e) Bump the pip group across 1 directory with 3 updates ### 📊 Changes **1 file changed** (+3 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+3 -3) </details> ### 📄 Description Bumps the pip group with 3 updates in the / directory: [django](https://github.com/django/django), [idna](https://github.com/kjd/idna) and [yt-dlp](https://github.com/yt-dlp/yt-dlp). Updates `django` from 3.1.14 to 3.2.25 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/django/django/commit/c98eca322af87adf046ab621e7c8a23d340f7afe"><code>c98eca3</code></a> [3.2.x] Bumped version for 3.2.25 release.</li> <li><a href="https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521"><code>072963e</code></a> [3.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().</li> <li><a href="https://github.com/django/django/commit/2ad2676456316eb211104d1f0cfc8dea7a7ca76b"><code>2ad2676</code></a> [3.2.x] Added release date for 3.2.25.</li> <li><a href="https://github.com/django/django/commit/fc41af69a2e49a717ef069a37e1d68b80a6a5d56"><code>fc41af6</code></a> [3.2.x] Fixed <a href="https://redirect.github.com/django/django/issues/35172">#35172</a> -- Fixed intcomma for string floats.</li> <li><a href="https://github.com/django/django/commit/b9170b4a9e7f0dde5d29ef69354c94efa6d6edfb"><code>b9170b4</code></a> [3.2.x] Added CVE-2024-24680 to security archive.</li> <li><a href="https://github.com/django/django/commit/e5350a931a017fab6aa0026e8f2d6e9ef09e1e1b"><code>e5350a9</code></a> [3.2.x] Post release version bump.</li> <li><a href="https://github.com/django/django/commit/f5c880857e8e01b006c75b9e79a9088cc2c6228f"><code>f5c8808</code></a> [3.2.x] Bumped version for 3.2.24 release.</li> <li><a href="https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820"><code>c1171ff</code></a> [3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template ...</li> <li><a href="https://github.com/django/django/commit/9dc345643e94f3a48d58fe7547fbc88ce8dab6e9"><code>9dc3456</code></a> [3.2.x] Added stub release notes 3.2.24.</li> <li><a href="https://github.com/django/django/commit/90eae45b3818f6c6e74c2fcb972e2a692ade4c1e"><code>90eae45</code></a> [3.2.x] Fixed documented alias of smart_text().</li> <li>Additional commits viewable in <a href="https://github.com/django/django/compare/3.1.14...3.2.25">compare view</a></li> </ul> </details> <br /> Updates `idna` from 3.6 to 3.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>.</em></p> <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> <p>Thanks to Guido Vranken for reporting the issue.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>.</em></p> <blockquote> <p>3.7 (2024-04-11) ++++++++++++++++</p> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> <p>Thanks to Guido Vranken for reporting the issue.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">compare view</a></li> </ul> </details> <br /> Updates `yt-dlp` from 2023.12.30 to 2024.4.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/yt-dlp/yt-dlp/releases">yt-dlp's releases</a>.</em></p> <blockquote> <h2>yt-dlp 2024.04.09</h2> <p><a href="https://github.com/yt-dlp/yt-dlp#installation" title="Installation instructions"><img src="https://img.shields.io/badge/-Which%20file%20to%20download%3F-white.svg?style=for-the-badge" alt="Installation" /></a> <a href="https://discord.gg/H5MNcFW63r" title="Discord"><img src="https://img.shields.io/discord/807245652072857610?color=blue&labelColor=555555&label=&logo=discord&style=for-the-badge" alt="Discord" /></a> <a href="https://github.com/yt-dlp/yt-dlp/blob/master/Collaborators.md#collaborators" title="Donate"><img src="https://img.shields.io/badge/_-Donate-red.svg?logo=githubsponsors&labelColor=555555&style=for-the-badge" alt="Donate" /></a> <a href="https://github.com/yt-dlp/yt-dlp/tree/2024.04.09#readme" title="Documentation"><img src="https://img.shields.io/badge/-Docs-brightgreen.svg?style=for-the-badge&logo=GitBook&labelColor=555555" alt="Documentation" /></a> <a href="https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/latest" title="Nightly builds"><img src="https://img.shields.io/badge/Nightly%20builds-purple.svg?style=for-the-badge" alt="Nightly" /></a> <a href="https://github.com/yt-dlp/yt-dlp-master-builds/releases/latest" title="Master builds"><img src="https://img.shields.io/badge/Master%20builds-lightblue.svg?style=for-the-badge" alt="Master" /></a></p> <h4>A description of the various files are in the <a href="https://github.com/yt-dlp/yt-dlp#release-files">README</a></h4> <hr /> <h4>Important changes</h4> <ul> <li>Security: [<a href="https://www.cve.org/CVERecord?id=CVE-2024-22423">CVE-2024-22423</a>] <a href="https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p">Prevent RCE when using <code>--exec</code> with <code>%q</code> on Windows</a> <ul> <li>The shell escape function now properly escapes <code>%</code>, <code>\</code> and <code>\n</code>.</li> <li><code>utils.Popen</code> has been patched accordingly.</li> </ul> </li> </ul>  <h4>Core changes</h4> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/9590cc6b4768e190183d7d071a6c78170889116a">Add new option <code>--progress-delta</code></a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9082">#9082</a>) by <a href="https://github.com/Grub4K">Grub4K</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/0b81d4d252bd065ccd352722987ea34fe17f9244">Add new options <code>--impersonate</code> and <code>--list-impersonate-targets</code></a> by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/coletdjnz">coletdjnz</a>, <a href="https://github.com/Grub4K">Grub4K</a>, <a href="https://github.com/pukkandan">pukkandan</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/16be117729150b2784f3b17755c886cb0cf73374">Add option <code>--no-break-on-existing</code></a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9610">#9610</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/86e3b82261e8ebc6c6707c09544c9dfb8907c0fd">Fix <code>filesize_approx</code> calculation</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9560">#9560</a>) by <a href="https://github.com/pukkandan">pukkandan</a>, <a href="https://github.com/seproDev">seproDev</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/86a972033e05fea80e5fe7f2aff6723dbe2f3952">Infer <code>acodec</code> for single-codec containers</a> by <a href="https://github.com/pukkandan">pukkandan</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a">Prevent RCE when using <code>--exec</code> with <code>%q</code> (CVE-2024-22423)</a> by <a href="https://github.com/Grub4K">Grub4K</a></li> <li><strong>cookies</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/2ab2651a4a7be18939e2b4cb21be79fe477c797a">Add <code>--cookies-from-browser</code> support for Firefox Flatpak</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9619">#9619</a>) by <a href="https://github.com/un-def">un-def</a></li> <li><strong>utils</strong> <ul> <li><code>traverse_obj</code> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/3699eeb67cad333272b14a42dd3843d93fda1a2e">Allow unbranching using <code>all</code> and <code>any</code></a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9571">#9571</a>) by <a href="https://github.com/Grub4K">Grub4K</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/32abfb00bdbd119ca675fdc6d1719331f0a2741a">Convenience improvements</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9577">#9577</a>) by <a href="https://github.com/Grub4K">Grub4K</a></li> </ul> </li> </ul> </li> </ul> <h4>Extractor changes</h4> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/50c29352312f5662acf9a64b0012766f5c40af61">Add extractor impersonate API</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9474">#9474</a>) by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/Grub4K">Grub4K</a>, <a href="https://github.com/pukkandan">pukkandan</a></li> <li><strong>afreecatv</strong> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/9415f1a5ef88482ebafe3083e8bcb778ac512df7">Overhaul extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9566">#9566</a>) by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/Tomoka1">Tomoka1</a></li> <li>live: <a href="https://github.com/yt-dlp/yt-dlp/commit/9073ae6458f4c6a832aa832c67174c61852869be">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9348">#9348</a>) by <a href="https://github.com/hui1601">hui1601</a></li> </ul> </li> <li><strong>asobistage</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/0284f1fee202302a78888420f933deae19d9f4e1">Add extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/8735">#8735</a>) by <a href="https://github.com/pzhlkj6612">pzhlkj6612</a></li> <li><strong>box</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/07f5b2f7570fd9ac85aed17f4c0118f6eac77beb">Support URLs without file IDs</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9504">#9504</a>) by <a href="https://github.com/shreyasminocha">shreyasminocha</a></li> <li><strong>cbc.ca</strong>: player: <a href="https://github.com/yt-dlp/yt-dlp/commit/b49d5ffc53a72d8245ba319ff07bdc5b8c6a4f0c">Support new URL format</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9561">#9561</a>) by <a href="https://github.com/trainman261">trainman261</a></li> <li><strong>crunchyroll</strong> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/be77923ffe842f667971019460f6005f3cad01eb">Extract <code>vo_adaptive_hls</code> formats by default</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9447">#9447</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/954e57e405f79188450eb30103a9308732cd318f">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9615">#9615</a>) by <a href="https://github.com/bytedream">bytedream</a></li> </ul> </li> <li><strong>dropbox</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/a48cc86d6f6b20427553620c2ddb990ede6a4b41">Fix formats extraction</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9627">#9627</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><strong>fathom</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/bc2b8c0596fd6b75af24822c4f0f1da6783d71f7">Add extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9495">#9495</a>) by <a href="https://github.com/src-tinkerer">src-tinkerer</a></li> <li><strong>gofile</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/0da66980d3193cad3dae0120cddddbfcabddf7a1">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9446">#9446</a>) by <a href="https://github.com/jazz1611">jazz1611</a></li> <li><strong>imgur</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/86d2f4d24849af0d1f3af7c0e2ac43bf8a058f74">Fix extraction</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9471">#9471</a>) by <a href="https://github.com/trwstin">trwstin</a></li> <li><strong>jiosaavn</strong> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/0ae16ceb1846cc4e609b70ce7c5d8e7458efceb2">Extract artists</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9612">#9612</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/443e206ec41e64ca2aef61d8ef91640fb69b3113">Fix format extensions</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9609">#9609</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/2e94602f241f6e41bdc48576c61089435529339b">Support playlists</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9622">#9622</a>) by <a href="https://github.com/bashonly">bashonly</a></li> </ul> </li> <li><strong>joqrag</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/f2fd449b46c4058222e1744f7a35caa20b2d003d">Fix live status detection</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9624">#9624</a>) by <a href="https://github.com/pzhlkj6612">pzhlkj6612</a></li> <li><strong>kick</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/c8a61a910096c77ce08dad5e1b2fbda5eb964156">Support browser impersonation</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9611">#9611</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><strong>loom</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/f859ed3ba1e8b129ae6a467592c65687e73fbca1">Add extractors</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/8686">#8686</a>) by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/hruzgar">hruzgar</a></li> <li><strong>medici</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/4cd9e251b9abada107b10830de997bf4d79ca369">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9518">#9518</a>) by <a href="https://github.com/Offert4324">Offert4324</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/yt-dlp/yt-dlp/blob/master/Changelog.md">yt-dlp's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1>  <h3>2024.04.09</h3> <h4>Important changes</h4> <ul> <li>Security: [<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22423">CVE-2024-22423</a>] <a href="https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p">Prevent RCE when using <code>--exec</code> with <code>%q</code> on Windows</a> <ul> <li>The shell escape function now properly escapes <code>%</code>, <code>\</code> and <code>\n</code>.</li> <li><code>utils.Popen</code> has been patched accordingly.</li> </ul> </li> </ul> <h4>Core changes</h4> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/9590cc6b4768e190183d7d071a6c78170889116a">Add new option <code>--progress-delta</code></a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9082">#9082</a>) by <a href="https://github.com/Grub4K">Grub4K</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/0b81d4d252bd065ccd352722987ea34fe17f9244">Add new options <code>--impersonate</code> and <code>--list-impersonate-targets</code></a> by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/coletdjnz">coletdjnz</a>, <a href="https://github.com/Grub4K">Grub4K</a>, <a href="https://github.com/pukkandan">pukkandan</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/16be117729150b2784f3b17755c886cb0cf73374">Add option <code>--no-break-on-existing</code></a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9610">#9610</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/86e3b82261e8ebc6c6707c09544c9dfb8907c0fd">Fix <code>filesize_approx</code> calculation</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9560">#9560</a>) by <a href="https://github.com/pukkandan">pukkandan</a>, <a href="https://github.com/seproDev">seproDev</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/86a972033e05fea80e5fe7f2aff6723dbe2f3952">Infer <code>acodec</code> for single-codec containers</a> by <a href="https://github.com/pukkandan">pukkandan</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a">Prevent RCE when using <code>--exec</code> with <code>%q</code> (CVE-2024-22423)</a> by <a href="https://github.com/Grub4K">Grub4K</a></li> <li><strong>cookies</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/2ab2651a4a7be18939e2b4cb21be79fe477c797a">Add <code>--cookies-from-browser</code> support for Firefox Flatpak</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9619">#9619</a>) by <a href="https://github.com/un-def">un-def</a></li> <li><strong>utils</strong> <ul> <li><code>traverse_obj</code> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/3699eeb67cad333272b14a42dd3843d93fda1a2e">Allow unbranching using <code>all</code> and <code>any</code></a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9571">#9571</a>) by <a href="https://github.com/Grub4K">Grub4K</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/32abfb00bdbd119ca675fdc6d1719331f0a2741a">Convenience improvements</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9577">#9577</a>) by <a href="https://github.com/Grub4K">Grub4K</a></li> </ul> </li> </ul> </li> </ul> <h4>Extractor changes</h4> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/50c29352312f5662acf9a64b0012766f5c40af61">Add extractor impersonate API</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9474">#9474</a>) by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/Grub4K">Grub4K</a>, <a href="https://github.com/pukkandan">pukkandan</a></li> <li><strong>afreecatv</strong> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/9415f1a5ef88482ebafe3083e8bcb778ac512df7">Overhaul extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9566">#9566</a>) by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/Tomoka1">Tomoka1</a></li> <li>live: <a href="https://github.com/yt-dlp/yt-dlp/commit/9073ae6458f4c6a832aa832c67174c61852869be">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9348">#9348</a>) by <a href="https://github.com/hui1601">hui1601</a></li> </ul> </li> <li><strong>asobistage</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/0284f1fee202302a78888420f933deae19d9f4e1">Add extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/8735">#8735</a>) by <a href="https://github.com/pzhlkj6612">pzhlkj6612</a></li> <li><strong>box</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/07f5b2f7570fd9ac85aed17f4c0118f6eac77beb">Support URLs without file IDs</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9504">#9504</a>) by <a href="https://github.com/shreyasminocha">shreyasminocha</a></li> <li><strong>cbc.ca</strong>: player: <a href="https://github.com/yt-dlp/yt-dlp/commit/b49d5ffc53a72d8245ba319ff07bdc5b8c6a4f0c">Support new URL format</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9561">#9561</a>) by <a href="https://github.com/trainman261">trainman261</a></li> <li><strong>crunchyroll</strong> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/be77923ffe842f667971019460f6005f3cad01eb">Extract <code>vo_adaptive_hls</code> formats by default</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9447">#9447</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/954e57e405f79188450eb30103a9308732cd318f">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9615">#9615</a>) by <a href="https://github.com/bytedream">bytedream</a></li> </ul> </li> <li><strong>dropbox</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/a48cc86d6f6b20427553620c2ddb990ede6a4b41">Fix formats extraction</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9627">#9627</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><strong>fathom</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/bc2b8c0596fd6b75af24822c4f0f1da6783d71f7">Add extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9495">#9495</a>) by <a href="https://github.com/src-tinkerer">src-tinkerer</a></li> <li><strong>gofile</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/0da66980d3193cad3dae0120cddddbfcabddf7a1">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9446">#9446</a>) by <a href="https://github.com/jazz1611">jazz1611</a></li> <li><strong>imgur</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/86d2f4d24849af0d1f3af7c0e2ac43bf8a058f74">Fix extraction</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9471">#9471</a>) by <a href="https://github.com/trwstin">trwstin</a></li> <li><strong>jiosaavn</strong> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/0ae16ceb1846cc4e609b70ce7c5d8e7458efceb2">Extract artists</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9612">#9612</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/443e206ec41e64ca2aef61d8ef91640fb69b3113">Fix format extensions</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9609">#9609</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/2e94602f241f6e41bdc48576c61089435529339b">Support playlists</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9622">#9622</a>) by <a href="https://github.com/bashonly">bashonly</a></li> </ul> </li> <li><strong>joqrag</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/f2fd449b46c4058222e1744f7a35caa20b2d003d">Fix live status detection</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9624">#9624</a>) by <a href="https://github.com/pzhlkj6612">pzhlkj6612</a></li> <li><strong>kick</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/c8a61a910096c77ce08dad5e1b2fbda5eb964156">Support browser impersonation</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9611">#9611</a>) by <a href="https://github.com/bashonly">bashonly</a></li> <li><strong>loom</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/f859ed3ba1e8b129ae6a467592c65687e73fbca1">Add extractors</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/8686">#8686</a>) by <a href="https://github.com/bashonly">bashonly</a>, <a href="https://github.com/hruzgar">hruzgar</a></li> <li><strong>medici</strong>: <a href="https://github.com/yt-dlp/yt-dlp/commit/4cd9e251b9abada107b10830de997bf4d79ca369">Fix extractor</a> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9518">#9518</a>) by <a href="https://github.com/Offert4324">Offert4324</a></li> <li><strong>mixch</strong></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/168e72dcd3e04e0e19e92c012a04b8a1e4658f50"><code>168e72d</code></a> Release 2024.04.09</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a"><code>ff07792</code></a> [core] Prevent RCE when using <code>--exec</code> with <code>%q</code> (CVE-2024-22423)</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/216f6a3cb57824e6a3c859649ce058c199b1b247"><code>216f6a3</code></a> [cleanup] Misc (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9426">#9426</a>)</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/b19ae095fdddd43c2a2c67d10fbe0d9a645bb98f"><code>b19ae09</code></a> [build] Do not include <code>curl_cffi</code> in <code>macos_legacy</code> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9653">#9653</a>)</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/9590cc6b4768e190183d7d071a6c78170889116a"><code>9590cc6</code></a> Add new option <code>--progress-delta</code> (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9082">#9082</a>)</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/79a451e5763eda8b10d00684d5d3378f3255ee01"><code>79a451e</code></a> [networking] Respect <code>SSLKEYLOGFILE</code> environment variable (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9543">#9543</a>)</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/df0e138fc02ae2764a44f2f59fc93c756c4d3ee2"><code>df0e138</code></a> [docs] Various manpage fixes</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/2e94602f241f6e41bdc48576c61089435529339b"><code>2e94602</code></a> [ie/jiosaavn] Support playlists (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9622">#9622</a>)</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/4af9d5c2f6aa81403ae2a8a5ae3cc824730f0b86"><code>4af9d5c</code></a> [ie/nhk] Fix NHK World extractors (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9623">#9623</a>)</li> <li><a href="https://github.com/yt-dlp/yt-dlp/commit/36b240f9a72af57eb2c9d927ebb7fd1c917ebf18"><code>36b240f</code></a> [ie/patreon] Do not extract dead embed URLs (<a href="https://redirect.github.com/yt-dlp/yt-dlp/issues/9613">#9613</a>)</li> <li>Additional commits viewable in <a href="https://github.com/yt-dlp/yt-dlp/compare/2023.12.30...2024.04.09">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ArchiveBox/ArchiveBox/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>