Bump loguru from 0.5.3 to 0.6.0

[dependabot]

Bumps loguru from 0.5.3 to 0.6.0.

Release notes

Sourced from loguru's releases.

0.6.0

• Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 (#563).
• Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
• Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
• Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() (#339).
• Prevent non-ascii characters to be escaped while logging JSON message with serialize=True (#575, thanks @​ponponon).
• Fix flake8 errors and improve code readability (#353, thanks @​AndrewYakimets).

Changelog

Sourced from loguru's changelog.

0.6.0_ (2022-01-29)

• Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 <https://nvd.nist.gov/vuln/detail/CVE-2022-0329>_ ([#563](https://github.com/Delgan/loguru/issues/563) <https://github.com/Delgan/loguru/issues/563>_).
• Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
• Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
• Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() ([#339](https://github.com/Delgan/loguru/issues/339) <https://github.com/Delgan/loguru/issues/339>_).
• Prevent non-ascii characters to be escaped while logging JSON message with serialize=True ([#575](https://github.com/Delgan/loguru/issues/575) <https://github.com/Delgan/loguru/pull/575>, thanks @ponponon <https://github.com/ponponon>).
• Fix flake8 errors and improve code readability ([#353](https://github.com/Delgan/loguru/issues/353) <https://github.com/Delgan/loguru/issues/353>, thanks @AndrewYakimets <https://github.com/AndrewYakimets>).

Commits

• f40fa31 Bump version to 0.6.0
• 6a19cb1 Update CHANGELOG.md to reference CVE-2022-0329 vulnerability fix
• bc1dab4 Add docs about possible log injection attack
• ea39375 Document several security considerations and best practices
• 1eeea19 Change default file sink encoding to be "utf8" (#339)
• b02ef7a Prevent non-ascii characters to be escaped while logging JSON (#575)
• d38ced7 Modify behavior of coroutine sink when no running event loop
• ca6dcd0 Fix warnings generated by 'test_exceptions_catch.py' unit tests
• 2270d2b Fix warning generated by "test_add_option_enqueue.py" unit tests
• 4b0070a Remove use of "pickle.loads()" to comply with security tools (#563)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #163 (1ac377a) into main (a502b9e) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##              main      #163   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          127       127           
=========================================
  Hits           127       127           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a502b9e...1ac377a. Read the comment docs.