Skip to content

chore(deps): update dependency click to <=8.3.3,>=8.3 - autoclosed#141

Closed
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/click-8.x
Closed

chore(deps): update dependency click to <=8.3.3,>=8.3 - autoclosed#141
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/click-8.x

Conversation

@mend-for-github-com

@mend-for-github-com mend-for-github-com Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
click (changelog) project.dependencies patch <=8.3.1,>=7.0<=8.3.3,>=8.3

By merging this PR, the issue #148 will be automatically resolved and closed:

Severity CVSS Score Vulnerability
High High 7.2 CVE-2026-7246

Release Notes

pallets/click (click)

v8.3.3

Compare Source

Released 2026-04-20

  • Use :func:shlex.split to split pager and editor commands into argv
    lists for :class:subprocess.Popen, removing shell=True.
    :issue:1026 :pr:1477 :pr:2775
  • Fix TypeError when rendering help for an option whose default value is
    an object that doesn't support equality comparison with strings, such as
    semver.Version. :issue:3298 :pr:3299
  • Fix pager test pollution under parallel execution by using pytest's
    tmp_path fixture instead of a shared temporary file path. :pr:3238
  • Treat Sentinel.UNSET values in a default_map as absent, so they fall
    through to the next default source instead of being used as the value.
    :issue:3224 :pr:3240
  • Patch pdb.Pdb in CliRunner isolation so pdb.set_trace(),
    breakpoint(), and debuggers subclassing pdb.Pdb (ipdb, pdbpp) can
    interact with the real terminal instead of the captured I/O streams.
    :issue:654 :issue:824 :issue:843 :pr:951 :pr:3235
  • Add optional randomized parallel test execution using pytest-randomly and
    pytest-xdist to detect test pollution and race conditions. :pr:3151
  • Add contributor documentation for running stress tests, randomized
    parallel tests, and Flask smoke tests. :pr:3151 :pr:3177
  • Show custom show_default string in prompts, matching the existing
    help text behavior. :issue:2836 :pr:2837 :pr:3165 :pr:3262 :pr:3280
    :pr:3328
  • Fix default=True with boolean flag_value always returning the
    flag_value instead of True. The default=True to flag_value
    substitution now only applies to non-boolean flags, where True acts as a
    sentinel meaning "activate this flag by default". For boolean flags,
    default=True is returned as a literal value. :issue:3111 :pr:3239
  • Mark make_default_short_help as private API. :issue:3189 :pr:3250
  • CliRunner's redirected streams now expose the original file descriptor
    via fileno(), so that faulthandler, subprocess, and other
    C-level consumers no longer crash with io.UnsupportedOperation.
    :issue:2865
  • Change :class:ParameterSource to an :class:~enum.IntEnum and reorder
    its members from most to least explicit, so values can be compared to
    check whether a parameter was explicitly provided. :issue:2879 :pr:3248

v8.3.2

Compare Source

Released 2026-04-02

  • Fix handling of flag_value when is_flag=False to allow such options to be
    used without an explicit value. :issue:3084 :pr:3152
  • Hide Sentinel.UNSET values as None when using lookup_default().
    :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224
  • Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer.
    :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140
  • Add comprehensive tests for CliRunner stream lifecycle, covering
    logging interaction, multi-threaded safety, and sequential invocation
    isolation. Add high-iteration stress tests behind a stress marker
    with a dedicated CI job. :pr:3139
  • Fix callable flag_value being instantiated when used as a default via
    default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com Bot added the security fix Security fix generated by WhiteSource label May 11, 2026
@mend-for-github-com mend-for-github-com Bot added the security fix Security fix generated by WhiteSource label May 11, 2026
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/click-8.x branch 2 times, most recently from c444e49 to 9aa2af9 Compare May 21, 2026 20:52
@socket-security

socket-security Bot commented May 21, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedclick@​8.3.1 ⏵ 8.3.396 +1100100100100

View full report

@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/click-8.x branch from 9aa2af9 to d9997b1 Compare May 22, 2026 14:03
@mend-for-github-com mend-for-github-com Bot changed the title chore(deps): update dependency click to <=8.3.3,>=8.3 chore(deps): update dependency click to <=8.3.3,>=8.3 - autoclosed May 25, 2026
@mend-for-github-com mend-for-github-com Bot deleted the whitesource-remediate/click-8.x branch May 25, 2026 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security fix Security fix generated by WhiteSource

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants