Commits on Oct 7, 2020

Commits on Oct 6, 2020

1. bpo-38605: Make 'from __future__ import annotations' the default (GH-…

   …20434)
   
   The hard part was making all the tests pass; there are some subtle issues here, because apparently the future import wasn't tested very thoroughly in previous Python versions.
   
   For example, `inspect.signature()` returned type objects normally (except for forward references), but strings with the future import. We changed it to try and return type objects by calling `typing.get_type_hints()`, but fall back on returning strings if that function fails (which it may do if there are future references in the annotations that require passing in a specific namespace to resolve).

3. bpo-41944: No longer call eval() on content received via HTTP in the …

   …UnicodeNames tests (GH-22575)
   
   Similarly to GH-22566, those tests called eval() on content received via
   HTTP in test_named_sequences_full. This likely isn't exploitable because
   unicodedata.lookup(seqname) is called before self.checkletter(seqname,
   None) - thus any string which isn't a valid unicode character name
   wouldn't ever reach the checkletter method.
   
   Still, it's probably better to be safe than sorry.

Commits on Oct 5, 2020

Commits on Oct 4, 2020

2. bpo-41909: Enable previously disabled recursion checks. (GH-22536)

   Enable recursion checks which were disabled when get __bases__ of
   non-type objects in issubclass() and isinstance() and when intern
   strings. It fixes a stack overflow when getting __bases__ leads
   to infinite recursion.
   
   Originally recursion checks was disabled for PyDict_GetItem() which
   silences all errors including the one raised in case of detected
   recursion and can return incorrect result. But now the code uses
   PyDict_GetItemWithError() and PyDict_SetDefault() instead.

Commits on Oct 3, 2020

Commits on Oct 2, 2020