Minor/patch release cycle with bugfixes #1478
Comments
|
I've pushed the date earlier and hope to publish the 3.0.0 version before then. I'm waiting on one or two last PR reviews. See https://github.com/jazzband/django-oauth-toolkit/milestone/35. It seems that oauthlib CVE can be dealt with now by upgrading oauthlib as the DOT 2.4.0 requirements are for |
|
@n2ygk sorry, I may have not asked the question clearly. What I'm interested is having those two PRs before a major release with breaking changes, in for example DOT 2.4.1 or 2.5. The motivation is that they are not breaking changes, so there is no need to only include them in a major release (bundled up with other breaking changes) |
|
That’s too much effort for me to have to create a branch and cherry pick
intermediate commits.
…On Thu, Sep 5, 2024 at 4:50 AM Cristian Prigoana ***@***.***> wrote:
@n2ygk <https://github.com/n2ygk> sorry, I may have not asked the
question clearly. What I'm interested is having those two PRs *before* a
major release with breaking changes, in for example DOT 2.4.1 or 2.5.
The motivation is that they are not breaking changes, so there is no need
to only include them in a major release
—
Reply to this email directly, view it on GitHub
<#1478 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABBHS5YUC4Q67CHUVFB3CB3ZVALLZAVCNFSM6AAAAABNT7X35WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMZQHE3DENRTG4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Hi! Do you have any plans to release another minor or patch version before the major upgrade to 3? There are a couple of smaller non-breaking fixes that would be great to have in, such as #1476 and #1465 which fixes this CVE. 🙏
The text was updated successfully, but these errors were encountered: