Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lychee for openSUSE:Factory checked in at 2025-06-17 18:23:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lychee (Old) and /work/SRC/openSUSE:Factory/.lychee.new.19631 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lychee" Tue Jun 17 18:23:42 2025 rev:8 rq:1286319 version:0.19.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lychee/lychee.changes 2025-06-12 15:54:36.896558065 +0200 +++ /work/SRC/openSUSE:Factory/.lychee.new.19631/lychee.changes 2025-06-17 18:24:33.296126667 +0200 @@ -1,0 +2,9 @@ +Tue Jun 17 09:19:38 UTC 2025 - Alessio Biancalana <dottorblas...@opensuse.org> + +- Update to version 0.19.1: + * chore: release v0.19.1 (#1726) + * fix: skip the fragment check if the uri doesn't contain fragment (#1730) + * Don't echo potentially sensitive header data (#1728) + * Update changelog + +------------------------------------------------------------------- Old: ---- lychee-0.19.0~0.tar.zst New: ---- lychee-0.19.1.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lychee.spec ++++++ --- /var/tmp/diff_new_pack.Kkfq27/_old 2025-06-17 18:24:34.876192369 +0200 +++ /var/tmp/diff_new_pack.Kkfq27/_new 2025-06-17 18:24:34.880192535 +0200 @@ -17,7 +17,7 @@ Name: lychee -Version: 0.19.0~0 +Version: 0.19.1 Release: 0 Summary: Fast, async, stream-based link checker written in Rust License: Apache-2.0 OR MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Kkfq27/_old 2025-06-17 18:24:34.908193699 +0200 +++ /var/tmp/diff_new_pack.Kkfq27/_new 2025-06-17 18:24:34.912193865 +0200 @@ -1,14 +1,14 @@ <services> <service mode="disabled" name="obs_scm"> <param name="url">https://github.com/lycheeverse/lychee.git</param> - <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param> + <param name="versionformat">@PARENT_TAG@</param> <param name="scm">git</param> - <param name="revision">lychee-v0.19.0</param> + <param name="revision">lychee-v0.19.1</param> <param name="match-tag">*</param> <param name="versionrewrite-pattern">lychee-v(\d+\.\d+\.\d+)</param> <param name="versionrewrite-replacement">\1</param> <param name="changesgenerate">enable</param> - <param name="changesauthor">alessio.biancal...@suse.com</param> + <param name="changesauthor">dottorblas...@opensuse.org</param> </service> <service mode="disabled" name="tar" /> <service mode="disabled" name="recompress"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Kkfq27/_old 2025-06-17 18:24:34.932194697 +0200 +++ /var/tmp/diff_new_pack.Kkfq27/_new 2025-06-17 18:24:34.936194863 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/lycheeverse/lychee.git</param> - <param name="changesrevision">639c74e392a025158eb5c30655fb543c05cd33b7</param></service></servicedata> + <param name="changesrevision">3592972d6462ceb6081c3945cc43121bc3ce2039</param></service></servicedata> (No newline at EOF) ++++++ lychee-0.19.0~0.tar.zst -> lychee-0.19.1.tar.zst ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lychee-0.19.0~0/Cargo.lock new/lychee-0.19.1/Cargo.lock --- old/lychee-0.19.0~0/Cargo.lock 2025-06-11 16:04:34.000000000 +0200 +++ new/lychee-0.19.1/Cargo.lock 2025-06-16 13:56:32.000000000 +0200 @@ -2490,7 +2490,7 @@ [[package]] name = "lychee" -version = "0.19.0" +version = "0.19.1" dependencies = [ "anyhow", "assert-json-diff", @@ -2538,7 +2538,7 @@ [[package]] name = "lychee-lib" -version = "0.19.0" +version = "0.19.1" dependencies = [ "async-stream", "async-trait", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lychee-0.19.0~0/Cargo.toml new/lychee-0.19.1/Cargo.toml --- old/lychee-0.19.0~0/Cargo.toml 2025-06-11 16:04:34.000000000 +0200 +++ new/lychee-0.19.1/Cargo.toml 2025-06-16 13:56:32.000000000 +0200 @@ -3,7 +3,7 @@ resolver = "2" [workspace.package] -version = "0.19.0" +version = "0.19.1" [profile.release] debug = true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lychee-0.19.0~0/lychee-bin/CHANGELOG.md new/lychee-0.19.1/lychee-bin/CHANGELOG.md --- old/lychee-0.19.0~0/lychee-bin/CHANGELOG.md 2025-06-11 16:04:34.000000000 +0200 +++ new/lychee-0.19.1/lychee-bin/CHANGELOG.md 2025-06-16 13:56:32.000000000 +0200 @@ -7,53 +7,54 @@ ## [Unreleased] +## [0.19.1](https://github.com/lycheeverse/lychee/compare/lychee-v0.19.0...lychee-v0.19.1) - 2025-06-16 + +### Other + +- Don't echo potentially sensitive header data ([#1728](https://github.com/lycheeverse/lychee/pull/1728)) +- Update changelog + ## [0.19.0](https://github.com/lycheeverse/lychee/compare/lychee-v0.18.1...lychee-v0.19.0) - 2025-06-11 +Most notably with this release the deprecated `--exclude-mail` flag was removed and the behavior of the `--accept` flag was updated. Previously, status codes such as `200 OK` were always accepted. Now they are only accepted by default. This means providing the argument `--accept 201` now rejects status code `200 OK`. + ### Added -- raise error when the default config file is invalid ([#1715](https://github.com/lycheeverse/lychee/pull/1715)) -- detect website fragments ([#1675](https://github.com/lycheeverse/lychee/pull/1675)) +- Raise error when the default config file is invalid ([#1715](https://github.com/lycheeverse/lychee/pull/1715)) +- Detect website fragments ([#1675](https://github.com/lycheeverse/lychee/pull/1675)) +- Move archive functionality to library ([#1720](https://github.com/lycheeverse/lychee/pull/1720)) +- Add TLS version option ([#1655](https://github.com/lycheeverse/lychee/pull/1655)) +- Add FreeBSD-Ask to users ([#1662](https://github.com/lycheeverse/lychee/pull/1662)) +- Add support for custom file extensions in link checking. ([#1559](https://github.com/lycheeverse/lychee/pull/1559)) +- Add support for custom headers in input processing ([#1561](https://github.com/lycheeverse/lychee/pull/1561)) +- Add possible values for minimum TLS version in help message ([#1693](https://github.com/lycheeverse/lychee/pull/1693)) ### Fixed -- only check the fragment when it's a file ([#1713](https://github.com/lycheeverse/lychee/pull/1713)) +- Only check fragments inside files ([#1713](https://github.com/lycheeverse/lychee/pull/1713)) +- Update --accept behaviour (https://github.com/lycheeverse/lychee/issues/1661) +- Allow header values that contain equal signs ([#1647](https://github.com/lycheeverse/lychee/pull/1647)) ### Other -- Add cli test -- Use StatusCodeSelector default as default accepted StatusCodes -- Update tests -- Remove duplicated information from output -- Update test -- Update test -- Move archive functionality to library ([#1720](https://github.com/lycheeverse/lychee/pull/1720)) +- Remove deprecated `--exclude-mail` flag ([#1669](https://github.com/lycheeverse/lychee/issues/1669)) - Bump the dependencies group across 1 directory with 3 updates ([#1714](https://github.com/lycheeverse/lychee/pull/1714)) - Upgrade to 2024 edition ([#1711](https://github.com/lycheeverse/lychee/pull/1711)) - Fix `test_exclude_example_domains` ([#1712](https://github.com/lycheeverse/lychee/pull/1712)) -- Add support for custom headers in input processing ([#1561](https://github.com/lycheeverse/lychee/pull/1561)) - Fix lints ([#1705](https://github.com/lycheeverse/lychee/pull/1705)) -- Remove flag - Bump the dependencies group with 2 updates -- Add possible values for minimum TLS version in help message ([#1693](https://github.com/lycheeverse/lychee/pull/1693)) -- Add TLS version option ([#1655](https://github.com/lycheeverse/lychee/pull/1655)) - Bump the dependencies group across 1 directory with 11 updates ([#1692](https://github.com/lycheeverse/lychee/pull/1692)) - Specify MSRV ([#1676](https://github.com/lycheeverse/lychee/pull/1676)) -- Fix outdated link -- Remove once_cell as direct dependency - Make clippy happy ([#1681](https://github.com/lycheeverse/lychee/pull/1681)) - Bump the dependencies group with 3 updates ([#1670](https://github.com/lycheeverse/lychee/pull/1670)) - Fix accept/exclude range syntax and docs ([#1668](https://github.com/lycheeverse/lychee/pull/1668)) -- Add FreeBSD-Ask to users ([#1662](https://github.com/lycheeverse/lychee/pull/1662)) - Bump the dependencies group with 4 updates ([#1664](https://github.com/lycheeverse/lychee/pull/1664)) -- Allow header values that contain equal signs ([#1647](https://github.com/lycheeverse/lychee/pull/1647)) - Bump the dependencies group with 11 updates ([#1656](https://github.com/lycheeverse/lychee/pull/1656)) - Bump the dependencies group across 1 directory with 14 updates ([#1653](https://github.com/lycheeverse/lychee/pull/1653)) -- Add support for custom file extensions in link checking. ([#1559](https://github.com/lycheeverse/lychee/pull/1559)) - Format Markdown URLs with `<>` instead of `[]()` ([#1638](https://github.com/lycheeverse/lychee/pull/1638)) - Bump the dependencies group across 1 directory with 21 updates ([#1643](https://github.com/lycheeverse/lychee/pull/1643)) -- add tests for URL extraction ending with a period ([#1641](https://github.com/lycheeverse/lychee/pull/1641)) -- renamed `base` to `base_url` (fixes #1607) ([#1629](https://github.com/lycheeverse/lychee/pull/1629)) -- Sort compact/detailed/markdown error output by file path ([#1622](https://github.com/lycheeverse/lychee/pull/1622)) +- Add tests for URL extraction ending with a period ([#1641](https://github.com/lycheeverse/lychee/pull/1641)) +- Renamed `base` to `base_url` (fixes #1607) ([#1629](https://github.com/lycheeverse/lychee/pull/1629)) ## [0.18.1](https://github.com/lycheeverse/lychee/compare/lychee-v0.18.0...lychee-v0.18.1) - 2025-02-06 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lychee-0.19.0~0/lychee-bin/Cargo.toml new/lychee-0.19.1/lychee-bin/Cargo.toml --- old/lychee-0.19.0~0/lychee-bin/Cargo.toml 2025-06-11 16:04:34.000000000 +0200 +++ new/lychee-0.19.1/lychee-bin/Cargo.toml 2025-06-16 13:56:32.000000000 +0200 @@ -15,7 +15,7 @@ [dependencies] # NOTE: We need to specify the version of lychee-lib here because crates.io # requires all dependencies to have a version number. -lychee-lib = { path = "../lychee-lib", version = "0.19.0", default-features = false } +lychee-lib = { path = "../lychee-lib", version = "0.19.1", default-features = false } anyhow = "1.0.98" assert-json-diff = "2.0.2" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lychee-0.19.0~0/lychee-bin/src/options.rs new/lychee-0.19.1/lychee-bin/src/options.rs --- old/lychee-0.19.0~0/lychee-bin/src/options.rs 2025-06-11 16:04:34.000000000 +0200 +++ new/lychee-0.19.1/lychee-bin/src/options.rs 2025-06-16 13:56:32.000000000 +0200 @@ -212,19 +212,24 @@ /// /// If the header contains multiple colons, the part after the first colon is /// considered the value. +/// +/// # Errors +/// +/// This fails if the header does not contain exactly one `:` character or +/// if the header name contains non-ASCII characters. fn parse_single_header(header: &str) -> Result<(HeaderName, HeaderValue)> { let parts: Vec<&str> = header.splitn(2, ':').collect(); match parts.as_slice() { [name, value] => { - let name = HeaderName::from_bytes(name.trim().as_bytes()) - .map_err(|e| anyhow!("Invalid header name '{}': {}", name.trim(), e))?; - let value = HeaderValue::from_str(value.trim()) - .map_err(|e| anyhow!("Invalid header value '{}': {}", value.trim(), e))?; + let name = HeaderName::from_str(name.trim()) + .map_err(|e| anyhow!("Unable to convert header name '{}': {}", name.trim(), e))?; + let value = HeaderValue::from_str(value.trim()).map_err(|e| { + anyhow!("Unable to read value of header with name '{}': {}", name, e) + })?; Ok((name, value)) } _ => Err(anyhow!( - "Invalid header format. Expected colon-separated string in the format 'HeaderName: HeaderValue', got '{}'", - header + "Invalid header format. Expected colon-separated string in the format 'HeaderName: HeaderValue'" )), } } @@ -871,6 +876,18 @@ } #[test] + /// We should not reveal potentially sensitive data contained in the headers. + /// See: [#1297](https://github.com/lycheeverse/lychee/issues/1297) + fn test_does_not_echo_sensitive_data() { + let error = parse_single_header("My-Headerš£: secret") + .expect_err("Should not allow unicode as key"); + assert!(!error.to_string().contains("secret")); + + let error = parse_single_header("secret").expect_err("Should fail when no `:` given"); + assert!(!error.to_string().contains("secret")); + } + + #[test] fn test_header_parsing_and_merging() { // Simulate commandline arguments with multiple headers let args = vec![ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lychee-0.19.0~0/lychee-lib/CHANGELOG.md new/lychee-0.19.1/lychee-lib/CHANGELOG.md --- old/lychee-0.19.0~0/lychee-lib/CHANGELOG.md 2025-06-11 16:04:34.000000000 +0200 +++ new/lychee-0.19.1/lychee-lib/CHANGELOG.md 2025-06-16 13:56:32.000000000 +0200 @@ -7,43 +7,38 @@ ## [Unreleased] +## [0.19.1](https://github.com/lycheeverse/lychee/compare/lychee-lib-v0.19.0...lychee-lib-v0.19.1) - 2025-06-16 + +### Fixed + +- skip the fragment check if the uri doesn't contain fragment ([#1730](https://github.com/lycheeverse/lychee/pull/1730)) + +### Other + +- Update changelog + ## [0.19.0](https://github.com/lycheeverse/lychee/compare/lychee-lib-v0.18.1...lychee-lib-v0.19.0) - 2025-06-11 ### Added -- respect the `disabled` property for stylesheet links ([#1716](https://github.com/lycheeverse/lychee/pull/1716)) -- detect website fragments ([#1675](https://github.com/lycheeverse/lychee/pull/1675)) +- Respect the `disabled` property for stylesheet links ([#1716](https://github.com/lycheeverse/lychee/pull/1716)) +- Detect website fragments ([#1675](https://github.com/lycheeverse/lychee/pull/1675)) ### Fixed -- only check the fragment when it's a file ([#1713](https://github.com/lycheeverse/lychee/pull/1713)) -- ignore gitlab table of content in wikilinks ([#1710](https://github.com/lycheeverse/lychee/pull/1710)) +- Only check the fragment when it's a file ([#1713](https://github.com/lycheeverse/lychee/pull/1713)) +- Ignore gitlab table of content in wikilinks ([#1710](https://github.com/lycheeverse/lychee/pull/1710)) ### Other -- Add explanation -- Fix grammar -- Update docs -- Extract DEFAULT_ACCEPTED_STATUS_CODES & apply clippy's suggestions -- Use StatusCodeSelector default as default accepted StatusCodes -- Tiny improvements -- Remove dbg macro -- Pass accepted values by reference -- Make accepted codes non-optional -- Handle rejected TOO_MANY_REQUESTS -- Update Status::code -- Remove duplicated information from output -- Change usage of ErrorKind::NetworkRequest, as it no longer represents rejected status codes -- Update doc comment -- Make error message more user-friendly -- Remove hardcoded rule for handling erroneous status codes differently +- Update --accept behaviour [#1661](https://github.com/lycheeverse/lychee/issues/1661) - Move archive functionality to library ([#1720](https://github.com/lycheeverse/lychee/pull/1720)) - Bump the dependencies group across 1 directory with 3 updates ([#1714](https://github.com/lycheeverse/lychee/pull/1714)) - Upgrade to 2024 edition ([#1711](https://github.com/lycheeverse/lychee/pull/1711)) - Add support for custom headers in input processing ([#1561](https://github.com/lycheeverse/lychee/pull/1561)) - Fix lints ([#1705](https://github.com/lycheeverse/lychee/pull/1705)) -- Remove flag -- detect wikilinks, prevent plaintext extraction from links #1650 ([#1679](https://github.com/lycheeverse/lychee/pull/1679)) +- Remove deprecated `--exclude-mail` flag ([#1669](https://github.com/lycheeverse/lychee/issues/1669)) +- Detect wikilinks, prevent plaintext extraction from links #1650 ([#1679](https://github.com/lycheeverse/lychee/pull/1679)) - Bump the dependencies group with 2 updates - Add possible values for minimum TLS version in help message ([#1693](https://github.com/lycheeverse/lychee/pull/1693)) - Add TLS version option ([#1655](https://github.com/lycheeverse/lychee/pull/1655)) @@ -60,7 +55,7 @@ - Bump the dependencies group across 1 directory with 14 updates ([#1653](https://github.com/lycheeverse/lychee/pull/1653)) - Add support for custom file extensions in link checking. ([#1559](https://github.com/lycheeverse/lychee/pull/1559)) - Bump the dependencies group across 1 directory with 21 updates ([#1643](https://github.com/lycheeverse/lychee/pull/1643)) -- renamed `base` to `base_url` (fixes #1607) ([#1629](https://github.com/lycheeverse/lychee/pull/1629)) +- Renamed `base` to `base_url` (fixes #1607) ([#1629](https://github.com/lycheeverse/lychee/pull/1629)) ## [0.18.1](https://github.com/lycheeverse/lychee/compare/lychee-lib-v0.18.0...lychee-lib-v0.18.1) - 2025-02-06 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lychee-0.19.0~0/lychee-lib/src/checker/file.rs new/lychee-0.19.1/lychee-lib/src/checker/file.rs --- old/lychee-0.19.0~0/lychee-lib/src/checker/file.rs 2025-06-11 16:04:34.000000000 +0200 +++ new/lychee-0.19.1/lychee-lib/src/checker/file.rs 2025-06-16 13:56:32.000000000 +0200 @@ -123,8 +123,9 @@ /// /// Returns a `Status` indicating the result of the check. async fn check_existing_path(&self, path: &Path, uri: &Uri) -> Status { - // only files can contain content with fragments - if self.include_fragments && path.is_file() { + // Only files can contain content with fragments. + // Skip if the uri doesn't have the fragment. + if self.include_fragments && path.is_file() && uri.url.fragment().is_some() { self.check_fragment(path, uri).await } else { Status::Ok(StatusCode::OK) ++++++ lychee.obsinfo ++++++ --- /var/tmp/diff_new_pack.Kkfq27/_old 2025-06-17 18:24:35.140203346 +0200 +++ /var/tmp/diff_new_pack.Kkfq27/_new 2025-06-17 18:24:35.144203513 +0200 @@ -1,5 +1,5 @@ name: lychee -version: 0.19.0~0 -mtime: 1749650674 -commit: 639c74e392a025158eb5c30655fb543c05cd33b7 +version: 0.19.1 +mtime: 1750074992 +commit: 3592972d6462ceb6081c3945cc43121bc3ce2039 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/lychee/vendor.tar.zst /work/SRC/openSUSE:Factory/.lychee.new.19631/vendor.tar.zst differ: char 7, line 1