build(deps): bump internetarchive from 3.7.0 to 5.5.1 #264

Merged
elsiehupp merged 3 commits into python3 from dependabot/pip/internetarchive-5.5.1
Feb 10, 2026

@dependabot dependabot bot commented on behalf of github Feb 10, 2026

Bumps internetarchive from 3.7.0 to 5.5.1.

Release notes

Sourced from internetarchive's releases.

Version 5.5.1

Security

  • Fixed a critical directory traversal vulnerability in File.download(). All users are urged to upgrade immediately. This prevents malicious filenames from writing files outside the target directory, a risk especially critical for Windows users.
  • Added automatic filename sanitization with platform-specific rules.
  • Added path resolution checks to block directory traversal attacks.
  • Introduced warnings when filenames are sanitized to maintain user awareness.

Please see the security advisory for more details.

Bugfixes

  • Fixed bug in JSON parsing for ia upload --file-metadata ....

Version 5.5.0

Features and Improvements

  • Added --parameters option to ia metadata.

Version 5.4.1

Features and Improvements

  • Stop setting scanner on upload per policy change.

Bugfixes

  • Fixed bug where REMOVE_TAG was not working with indexed keys.
  • Fixed argument validation and option parsing in ia download.

Version 5.4.0

Features and Improvements

  • Added --print-auth-header option to ia configure.

Bugfixes

  • Corrected behavior of ia_copy to avoid dropping path prefixes, fixing ia_move to properly delete moved files in subdirectories (via #693).
  • Fixed bug where hardcoded test comment was being sent with every request.
  • Fixed issue where ia reviews --index/--noindex only worked for configured user.

Version 5.3.0

Features and Improvements

  • Added ia configure --show to print config to stdout.
  • Added ia configure --check for validating credentials.
  • Added ia configure --whoami for retrieving info about the configured user.
  • Added ia simplelists command for managing simplelists.
  • Added ia flag command for managing flags.

Bugfixes

  • Fixed bugs in ia copy and ia move where an AttributeError was being raised.

... (truncated)

Changelog

Sourced from internetarchive's changelog.

5.5.1 (2025-09-05)

Security

  • Fixed a critical directory traversal vulnerability in File.download(). All users are urged to upgrade immediately. This prevents malicious filenames from writing files outside the target directory, a risk especially critical for Windows users.
  • Added automatic filename sanitization with platform-specific rules.
  • Added path resolution checks to block directory traversal attacks.
  • Introduced warnings when filenames are sanitized to maintain user awareness.

Bugfixes

  • Fixed bug in JSON parsing for ia upload --file-metadata ....

5.5.0 (2025-07-17)

Features and Improvements

  • Added --parameters option to ia metadata.

5.4.1 (2025-07-16)

Features and Improvements

  • Stop setting scanner on upload per policy change.

Bugfixes

  • Fixed bug where REMOVE_TAG was not working with indexed keys.
  • Fixed argument validation and option parsing in ia download.

5.4.0 (2025-04-29)

Features and Improvements

  • Added --print-auth-header option to ia configure.

Bugfixes

  • Corrected behavior of ia_copy to avoid dropping path prefixes, fixing ia_move to properly delete moved files in subdirectories (via [PR #693](https://github.com/jjjake/internetarchive/pull/693)).
  • Fixed bug where hardcoded test comment was being sent with every request.
  • Fixed issue where ia reviews --index/--noindex only worked for configured user.

5.3.1 (2025-03-26)

Bugfixes

  • Fixed bug where ia reviews --index/--noindex was only working for the configured user.

... (truncated)

Commits
  • 73141db v5.5.1
  • cba2d45 Merge branch 'sanitize-filename-downloads'
  • be94ff7 v5.5.1
  • d578c53 v5.5.1
  • 00c2c20 Updated README with temporary security notice
  • ccf95b0 Added tests for file sanitization
  • e676fc5 Added tests for file sanitization
  • d05d2bb fixed typo
  • d583bd5 Added directory traversal attack check to download
  • eceef89 Encode % in sanitize_filename_windows to ensure the encoding is reliably reve...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [internetarchive](https://github.com/jjjake/internetarchive) from 3.7.0 to 5.5.1.
- [Release notes](https://github.com/jjjake/internetarchive/releases)
- [Changelog](https://github.com/jjjake/internetarchive/blob/master/HISTORY.rst)
- [Commits](jjjake/internetarchive@v3.7.0...v5.5.1)

---
updated-dependencies:
- dependency-name: internetarchive
  dependency-version: 5.5.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and python labels Feb 10, 2026
@elsiehupp elsiehupp merged commit 45c0e53 into python3 Feb 10, 2026
0 of 3 checks passed
@elsiehupp elsiehupp deleted the dependabot/pip/internetarchive-5.5.1 branch February 10, 2026 00:49
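
The 5.5.1 release notes quoted above list "path resolution checks to block directory traversal attacks" as part of the File.download() fix. As an added illustration of that class of check (not code from internetarchive or from this PR), the sketch below resolves each remote filename against the download directory and refuses anything that lands outside it. `safe_download_path`, `UnsafeFilename`, `classify` and the sample names are hypothetical, and the sketch rejects unsafe names rather than sanitizing them as the release notes describe.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath


class UnsafeFilename(ValueError):
    """A remote filename that would resolve outside the download directory."""


def safe_download_path(dest_dir, remote_name):
    """Hypothetical helper (not an internetarchive API): return the resolved
    destination for remote_name under dest_dir, or raise UnsafeFilename."""
    win = PureWindowsPath(remote_name)
    # Rooted, drive-qualified (C:x) and UNC names are judged by Windows rules
    # on every host, since the same item may be fetched from any platform.
    if win.drive or win.root:
        raise UnsafeFilename(f"absolute or drive-qualified: {remote_name!r}")
    # Treat "\" as a separator everywhere so "..\" segments are caught on POSIX.
    parts = remote_name.replace("\\", "/").split("/")
    if any(part in ("", ".", "..") for part in parts):
        raise UnsafeFilename(f"empty or dot segment: {remote_name!r}")
    base = Path(dest_dir).resolve()
    target = base.joinpath(*parts).resolve()
    # Resolution check: symlinks already on disk are followed before comparing.
    if base not in target.parents:
        raise UnsafeFilename(f"resolves outside {base}: {remote_name!r}")
    return target


# Constructed sample filenames, as a remote item might list them.
SAMPLE_NAMES = ["scan_0001.jp2", "sub/file.txt", "../evil.txt",
                "..\\..\\evil.txt", "/etc/passwd", "C:\\Windows\\x.dll",
                "link/loot.txt"]


def classify(names):
    """Return {name: allowed} for names checked against a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch, "downloads")
        dest.mkdir()
        os.symlink(scratch, dest / "link")  # constructed trap: points outside dest
        verdicts = {}
        for name in names:
            try:
                safe_download_path(dest, name)
                verdicts[name] = True
            except UnsafeFilename:
                verdicts[name] = False
        return verdicts
```

`classify(SAMPLE_NAMES)` allows only the two plain relative names. The `link/loot.txt` case passes the string checks and is caught only by the resolution step, which is why the comparison is made on resolved paths.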