This Week in Changelogs: curl
Hey everyone, long time no see!
I started TWiC in 2023, and to be honest, mining diffs manually was exhausting; that's why the project faded away pretty quickly. Today, with a little bit of LLM help and automation, it has become much easier to find hidden gems in modern OSS and bring them to the audience. There's another problem though: sometimes there are too many gems, and I definitely don't want to restart a series of boring longreads.
So today, we're gonna cover recent changes in only one project, (arguably) the most popular library and command-line tool in the world - curl.
This Week in Changelogs: flask, pytest, IPython, etc
This Week in Changelogs: Django and faker
Django 4.1.6, 4.1.7
- 4.1.6: release notes, blog post
- 4.1.7: release notes, blog post
9d7bd5a
An interesting bug in parsing the Accept-Language header. The format of the header value is complex, so there's a bunch of regular expressions and @functools.lru_cache(maxsize=1000) for caching the result. However, you can pass a huge header multiple times, causing DoS, so they added two if statements:
- one that checks if the length is less than ACCEPT_LANGUAGE_HEADER_MAX_LENGTH
- second - for checking the comma-separated strings.
So they decided not to just raise an exception or truncate the string by [:ACCEPT_LANGUAGE_HEADER_MAX_LENGTH], but to truncate the value in a safe way, so it can be parsed into a meaningful result. Good job!
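A sketch of that safe truncation, added here as an example (it is not Django's code): the 500-character limit, the simplified regex and the function names are assumptions. An oversized header is cut at the last comma inside the limit, so a plain slice can never turn a low-priority de-CH;q=0.1 into a top-priority de-CH.

```python
import functools
import re

# Assumed limit for this sketch; the page does not give the value Django uses.
ACCEPT_LANGUAGE_HEADER_MAX_LENGTH = 500

# Simplified language-range pattern (hypothetical, looser than a production parser):
# "tag" or "*", optionally followed by ";q=<0..1 with up to 3 decimals>".
_RANGE = re.compile(
    r"^\s*([A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*|\*)\s*"
    r"(?:;\s*q=(0(?:\.\d{1,3})?|1(?:\.0{1,3})?))?\s*$"
)


@functools.lru_cache(maxsize=1000)
def parse_bounded(value):
    """Parse an already length-bounded header into (tag, q) pairs, best first."""
    pairs = []
    for piece in value.split(","):
        match = _RANGE.match(piece)
        if match is None:
            return ()  # malformed header: ignore it entirely
        quality = float(match.group(2)) if match.group(2) else 1.0
        pairs.append((match.group(1).lower(), quality))
    return tuple(sorted(pairs, key=lambda pair: pair[1], reverse=True))


def parse_accept_language(value):
    """Bound the work and the cache key size before any regex runs."""
    if len(value) <= ACCEPT_LANGUAGE_HEADER_MAX_LENGTH:
        return parse_bounded(value)
    # Oversized: keep only whole entries by cutting at the last comma
    # that falls inside the limit.
    cut = value.rfind(",", 0, ACCEPT_LANGUAGE_HEADER_MAX_LENGTH)
    if cut > 0:
        return parse_bounded(value[:cut])
    # A single oversized entry with no usable comma: nothing to salvage.
    return ()


# Constructed sample: the 500th character falls in the middle of an entry.
SAMPLE = ",".join(["en-US", "fr;q=0.5"] + ["de-CH;q=0.1"] * 100)
```

On SAMPLE, slicing with [:ACCEPT_LANGUAGE_HEADER_MAX_LENGTH] leaves a trailing "de-CH" with its q-value cut off, which parses at the default quality of 1.0; the comma-boundary cut keeps every entry at its stated priority.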


