Minor fixes to `idle.rst` and regenerate `help.html` (GH-140037)
(cherry picked from commit 4e6e208be9)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
gh-140569: recommend the new REPL in the asyncio REPL docs (GH-140570)
(cherry picked from commit 8822166200)
Co-authored-by: Bartosz Sławecki <bartosz@ilikepython.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
gh-118516: clarify that subprocess are automatically killed if transport gets garbage collected (GH-140997)
(cherry picked from commit 101c9c0a21)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
Clarify that:
- it takes parsing for an attack
- that some doors are closed by default
- only Expat version 2.7.2 has all the fixes
- use of the bundle depends on configuration
(cherry picked from commit baa9f33897)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
Update selected RFC 2822 references to RFC 5322
RFC 2822 was obsoleted by RFC 5322 in 2008. This updates references
to use the current standard in documentation, docstrings, and comments.
It preserves RFC 2822 references in legacy API components to maintain their
historical context.
RFC 822 → RFC 2822 → RFC 5322 progression is explained where relevant.
In some places specific sections of RFC are referenced where it seems helpful.
Scout rule was applied in some places and RFC mentions format was
normalized in doc strings and comments.
(cherry picked from commit ce1bb85d28)
Docs: Fix typo in `email.headerregistry.rst` (GH-140965)
Fix missing 'Header' suffix on header class name in `email.headerregistry.rst`
(cherry picked from commit 97d8dda980)
Co-authored-by: Guo Ci <zguoci@gmail.com>
Document that returning `sys.monitoring.DISABLE` in response to a global event raises `ValueError` (GH-140726)
(cherry picked from commit 8a7dbb7a68)
Co-authored-by: Brett Cannon <brett@python.org>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
* gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (#139234)
Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.
(cherry picked from commit f04bea44c3)
(cherry picked from commit 68a1778b77)
* the "plaintext" element
* the RAWTEXT elements "xmp", "iframe", "noembed" and "noframes"
* optionally RAWTEXT (if scripting=True) element "noscript"
(cherry picked from commit a17c57eee5)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Link to compression setting constants from compression functions
* De-duplicate descriptions of the constants
(cherry picked from commit 091e8513bb)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Use multiple signatures for clarity.
Explain different forms of bgcolor() in details.
Fix outdated docstrings.
(cherry picked from commit 525dcfe523)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* gh-101100: Document `zlib` public constants to fix reference warnings (#139835)
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit c7f1da97eb)
* [3.13] gh-101100: Document `zlib` public constants to fix reference warnings (GH-139835)
(cherry picked from commit c7f1da97eb)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
---------
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Passing a negative or zero size to `cursor.fetchmany()` made it fetch all rows
instead of none.
While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized *size* value in the first
place is not recommended.
(cherry picked from commit bc172ee830)
Replace ambiguous word "pound" by "hash" in `difflib` docs (GH-139601)
(cherry picked from commit dadbb2662a)
Co-authored-by: George Ogden <38294960+George-Ogden@users.noreply.github.com>
* Fix `hashlib.file_digest()` versionchanged description of `BlockingIOError`
The sentence was missing a negation and contradicted the other two
descriptions in the same commit. I believe code behaviour is correct.
* fixup! Fix `hashlib.file_digest()` versionchanged description of `BlockingIOError`
* Remove unncessary NEWS.d entry
(cherry picked from commit fb114cf497)
