From 1e1b189d773e134c67d643021fcd045c66733d7e Mon Sep 17 00:00:00 2001 From: Yuru Shao Date: Fri, 9 Jun 2023 12:54:41 -0700 Subject: [PATCH 01/25] Remove py3.7 (#234) * Remove py3.7 * Restore cache action --- .github/workflows/ci.yml | 2 +- dev-requirements.txt | 2 +- requirements.txt | 2 +- tox.ini | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 714342dd..c6ca4a3d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ['3.7', '3.8', '3.9', '3.10'] + python-version: ['3.8', '3.9', '3.10'] steps: - uses: actions/checkout@v3 diff --git a/dev-requirements.txt b/dev-requirements.txt index e5ecac73..e1dcf948 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,5 +1,5 @@ coverage==6.4.1 -fakeredis==1.7.5 +fakeredis==2.10.2 flake8==6.0.0 freezegun==1.2.1 pytest==7.1.2 diff --git a/requirements.txt b/requirements.txt index 76c5b71c..43d34c4e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,5 +3,5 @@ Flask==2.1.2 itsdangerous==2.1.2 Jinja2==3.1.2 MarkupSafe==2.1.1 -redis==4.3.3 +redis==4.5.3 Werkzeug==2.2.3 diff --git a/tox.ini b/tox.ini index 5430e6b3..92223a8a 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37, py38, py39, py310, flake8 +envlist = py38, py39, py310, flake8 [testenv] setenv = From 6f02f6e2b73250b2e66cd0f421d296df90c4bdca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 13:01:50 -0700 Subject: [PATCH 02/25] Bump cryptography from 39.0.2 to 41.0.1 (#260) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.2 to 41.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/39.0.2...41.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 43d34c4e..7a122aec 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -cryptography==39.0.2 +cryptography==41.0.1 Flask==2.1.2 itsdangerous==2.1.2 Jinja2==3.1.2 From 013c0d1e775ab552625196aa3a73158821700f64 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 13:15:29 -0700 Subject: [PATCH 03/25] Bump tox from 3.25.0 to 4.6.0 (#262) Bumps [tox](https://github.com/tox-dev/tox) from 3.25.0 to 4.6.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/3.25.0...4.6.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index e1dcf948..072b621f 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -4,4 +4,4 @@ flake8==6.0.0 freezegun==1.2.1 pytest==7.1.2 pytest-cov==3.0.0 -tox==3.25.0 +tox==4.6.0 From 95f5c352914eafe448d6d8fb6964a656498f16ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 13:19:43 -0700 Subject: [PATCH 04/25] Bump fakeredis from 1.7.5 to 2.14.1 (#263) Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 1.7.5 to 2.14.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](https://github.com/cunla/fakeredis-py/compare/v1.7.5...v2.14.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 072b621f..eb109d80 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,5 +1,5 @@ coverage==6.4.1 -fakeredis==2.10.2 +fakeredis==2.14.1 flake8==6.0.0 freezegun==1.2.1 pytest==7.1.2 From 147bdf390a126b1be34b110874fcf4778a962d8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 13:30:50 -0700 Subject: [PATCH 05/25] Bump flask from 2.1.2 to 2.3.2 (#250) Bumps [flask](https://github.com/pallets/flask) from 2.1.2 to 2.3.2. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/flask/compare/2.1.2...2.3.2) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 7a122aec..f25b7102 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ cryptography==41.0.1 -Flask==2.1.2 +Flask==2.3.2 itsdangerous==2.1.2 Jinja2==3.1.2 MarkupSafe==2.1.1 redis==4.5.3 -Werkzeug==2.2.3 +Werkzeug==2.3.3 From 6fec10eaab1757fdc76a00d5953d2828c77aaab4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 13:38:04 -0700 Subject: [PATCH 06/25] Bump pytest from 7.1.2 to 7.3.1 (#243) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.2 to 7.3.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.1.2...7.3.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index eb109d80..5aff2e1a 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -2,6 +2,6 @@ coverage==6.4.1 fakeredis==2.14.1 flake8==6.0.0 freezegun==1.2.1 -pytest==7.1.2 +pytest==7.3.1 pytest-cov==3.0.0 tox==4.6.0 From a34aaf8bb4c4fb5a6c75fa935393a6fe71443849 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 13:38:27 -0700 Subject: [PATCH 07/25] Bump redis from 4.5.3 to 4.5.5 (#253) Bump redis from 4.3.3 to 4.5.5 Bumps [redis](https://github.com/redis/redis-py) from 4.3.3 to 4.5.5. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](https://github.com/redis/redis-py/compare/v4.3.3...v4.5.5) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yuru Shao --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f25b7102..73b4777f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,5 +3,5 @@ Flask==2.3.2 itsdangerous==2.1.2 Jinja2==3.1.2 MarkupSafe==2.1.1 -redis==4.5.3 +redis==4.5.5 Werkzeug==2.3.3 From 5725b0db2e416e9dfe37868f9aa3cb849a38d573 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 12:52:38 -0700 Subject: [PATCH 08/25] Bump coverage from 6.4.1 to 7.2.7 (#267) Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 7.2.7. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/6.4.1...7.2.7) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 5aff2e1a..2fc2d044 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,4 +1,4 @@ -coverage==6.4.1 +coverage==7.2.7 fakeredis==2.14.1 flake8==6.0.0 freezegun==1.2.1 From 4c118cf022a2ddcd601c5c1a08b3965da5851e82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 12:52:57 -0700 Subject: [PATCH 09/25] Bump pytest-cov from 3.0.0 to 4.1.0 (#266) Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.1.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v3.0.0...v4.1.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 2fc2d044..2d133e5f 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -3,5 +3,5 @@ fakeredis==2.14.1 flake8==6.0.0 freezegun==1.2.1 pytest==7.3.1 -pytest-cov==3.0.0 +pytest-cov==4.1.0 tox==4.6.0 From 9d68d6b0587a95352bb905816f60d098f81ccfea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 09:22:23 -0700 Subject: [PATCH 10/25] Bump actions/checkout from 3 to 4 (#282) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6ca4a3d..59d42e4f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: python-version: ['3.8', '3.9', '3.10'] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b0058ba3..046220f4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL From 31ae18d57d330e7992728b9636810f98414c342f Mon Sep 17 00:00:00 2001 From: Devin Lundberg Date: Mon, 25 Sep 2023 11:24:35 -0500 Subject: [PATCH 11/25] [Snyk] Security upgrade cryptography from 41.0.1 to 41.0.4 (#284) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 Co-authored-by: snyk-bot --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 73b4777f..cf2fe38d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -cryptography==41.0.1 +cryptography==41.0.4 Flask==2.3.2 itsdangerous==2.1.2 Jinja2==3.1.2 From f3edccdd1ff4823c719945f844b284b4af2339f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 23:36:02 -0700 Subject: [PATCH 12/25] Bump tox from 4.6.0 to 4.11.3 (#287) Bumps [tox](https://github.com/tox-dev/tox) from 4.6.0 to 4.11.3. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/4.6.0...4.11.3) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 2d133e5f..6eb4a2ff 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -4,4 +4,4 @@ flake8==6.0.0 freezegun==1.2.1 pytest==7.3.1 pytest-cov==4.1.0 -tox==4.6.0 +tox==4.11.3 From 03bf76fbccb59e758031a320049eb118efc2d0c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 02:56:17 +0000 Subject: [PATCH 13/25] Bump fakeredis from 2.14.1 to 2.20.0 Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.14.1 to 2.20.0. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](https://github.com/cunla/fakeredis-py/compare/v2.14.1...v2.20.0) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 6eb4a2ff..d86e0804 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,5 +1,5 @@ coverage==7.2.7 -fakeredis==2.14.1 +fakeredis==2.20.0 flake8==6.0.0 freezegun==1.2.1 pytest==7.3.1 From 1a9824d24d125ae5f420526f011d05ac24833a05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 16:35:54 +0000 Subject: [PATCH 14/25] Bump redis from 4.5.5 to 5.0.1 Bumps [redis](https://github.com/redis/redis-py) from 4.5.5 to 5.0.1. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](https://github.com/redis/redis-py/compare/v4.5.5...v5.0.1) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index cf2fe38d..1b5e88e0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,5 +3,5 @@ Flask==2.3.2 itsdangerous==2.1.2 Jinja2==3.1.2 MarkupSafe==2.1.1 -redis==4.5.5 +redis==5.0.1 Werkzeug==2.3.3 From 99028bff16b61b7139ea5b737a19daccbf29bd6c Mon Sep 17 00:00:00 2001 From: Yuru Shao Date: Fri, 1 Dec 2023 09:35:00 -0800 Subject: [PATCH 15/25] Install deps from requirements.txt (#303) --- .dockerignore | 1 - Dockerfile | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.dockerignore b/.dockerignore index 67d158d7..5935edca 100644 --- a/.dockerignore +++ b/.dockerignore @@ -6,7 +6,6 @@ CONTRIBUTING.rst docker-compose.yml Dockerfile -requirements.txt tests.py tox.ini diff --git a/Dockerfile b/Dockerfile index d8cccbc6..70e18c50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,12 +8,13 @@ RUN groupadd -r snappass && \ WORKDIR $APP_DIR -COPY ["setup.py", "MANIFEST.in", "README.rst", "AUTHORS.rst", "$APP_DIR/"] +COPY ["setup.py", "requirements.txt", "MANIFEST.in", "README.rst", "AUTHORS.rst", "$APP_DIR/"] COPY ["./snappass", "$APP_DIR/snappass"] RUN python setup.py install && \ chown -R snappass $APP_DIR && \ chgrp -R snappass $APP_DIR +RUN pip install -r requirements.txt USER snappass From baa921f1cb9af1997320ae4eab3de1daa8c5432e Mon Sep 17 00:00:00 2001 From: Yuru Shao Date: Fri, 1 Dec 2023 17:04:38 -0800 Subject: [PATCH 16/25] Prepare 1.6.1 release (#304) * Prepare 1.6.1 release * Update configs * Fix dev requirements --- .bumpversion.cfg | 6 ------ README.rst | 2 +- dev-requirements.txt | 2 ++ setup.cfg | 2 +- setup.py | 3 +-- 5 files changed, 5 insertions(+), 10 deletions(-) delete mode 100644 .bumpversion.cfg diff --git a/.bumpversion.cfg b/.bumpversion.cfg deleted file mode 100644 index 560db08d..00000000 --- a/.bumpversion.cfg +++ /dev/null @@ -1,6 +0,0 @@ -[bumpversion] -files = setup.py -commit = True -tag = True -current_version = 1.5.0 - diff --git a/README.rst b/README.rst index 1781f158..cb20c9e2 100644 --- a/README.rst +++ b/README.rst @@ -47,7 +47,7 @@ Requirements ------------ * `Redis`_ -* Python 3.7+ +* Python 3.8+ .. _Redis: https://redis.io/ diff --git a/dev-requirements.txt b/dev-requirements.txt index d86e0804..b7191fad 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -5,3 +5,5 @@ freezegun==1.2.1 pytest==7.3.1 pytest-cov==4.1.0 tox==4.11.3 +bumpversion==0.6.0 +wheel==0.42.0 diff --git a/setup.cfg b/setup.cfg index 64ce37d8..398abb2f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -2,7 +2,7 @@ current_version = 1.6.0 commit = True tag = True -files = setup.py snappass/__init__.py +files = setup.py [flake8] show-source = True diff --git a/setup.py b/setup.py index b5410d74..e088fba6 100644 --- a/setup.py +++ b/setup.py @@ -18,7 +18,7 @@ ], }, include_package_data=True, - python_requires='>=3.7, <4', + python_requires='>=3.8, <4', classifiers=[ 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', @@ -27,7 +27,6 @@ 'Operating System :: OS Independent', 'Programming Language :: Python', 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.7', 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', 'Programming Language :: Python :: 3.10', From 8103cb4adba827e6c0ce1e9999e9a70cf79c46a7 Mon Sep 17 00:00:00 2001 From: Yuru Shao Date: Fri, 1 Dec 2023 17:11:30 -0800 Subject: [PATCH 17/25] =?UTF-8?q?Bump=20version:=201.6.0=20=E2=86=92=201.6?= =?UTF-8?q?.1=20(#305)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup.cfg | 3 +-- setup.py | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/setup.cfg b/setup.cfg index 398abb2f..095b615f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 1.6.0 +current_version = 1.6.1 commit = True tag = True files = setup.py @@ -7,4 +7,3 @@ files = setup.py [flake8] show-source = True max-line-length = 120 - diff --git a/setup.py b/setup.py index e088fba6..b4ae3329 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='snappass', - version='1.6.0', + version='1.6.1', description="It's like SnapChat... for Passwords.", long_description=(open('README.rst').read() + '\n\n' + open('AUTHORS.rst').read()), From ae2747311ae1c1f0171cc86bb909b12bf7e756ad Mon Sep 17 00:00:00 2001 From: vin01 <30344579+vin01@users.noreply.github.com> Date: Sat, 2 Dec 2023 02:54:51 +0100 Subject: [PATCH 18/25] Use urllib.parse for quoting/unquoting plus instead of deprecated werkzeug.urls (#300) Use urllib.parse for quoting/unquoting plus werkzeug.urls.url_quote_plus and werkzeug.urls.url_unquote_plus were deprecated and are removed in 3.0.0 and newer versions. --- snappass/main.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/snappass/main.py b/snappass/main.py index 00c4d018..50b51f01 100644 --- a/snappass/main.py +++ b/snappass/main.py @@ -7,8 +7,8 @@ from cryptography.fernet import Fernet from flask import abort, Flask, render_template, request, jsonify from redis.exceptions import ConnectionError -from werkzeug.urls import url_quote_plus -from werkzeug.urls import url_unquote_plus +from urllib.parse import quote_plus +from urllib.parse import unquote_plus from distutils.util import strtobool NO_SSL = bool(strtobool(os.environ.get('NO_SSL', 'False'))) @@ -176,7 +176,7 @@ def handle_password(): base_url = request.url_root.replace("http://", "https://") if URL_PREFIX: base_url = base_url + URL_PREFIX.strip("/") + "/" - link = base_url + url_quote_plus(token) + link = base_url + quote_plus(token) if request.accept_mimetypes.accept_json and not request.accept_mimetypes.accept_html: return jsonify(link=link, ttl=ttl) else: @@ -185,7 +185,7 @@ def handle_password(): @app.route('/', methods=['GET']) def preview_password(password_key): - password_key = url_unquote_plus(password_key) + password_key = unquote_plus(password_key) if not password_exists(password_key): return render_template('expired.html'), 404 @@ -194,7 +194,7 @@ def preview_password(password_key): @app.route('/', methods=['POST']) def show_password(password_key): - password_key = url_unquote_plus(password_key) + password_key = unquote_plus(password_key) password = get_password(password_key) if not password: return render_template('expired.html'), 404 From fd27ab7d4a624205b435d2e4210b2e2942c3c7ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Dec 2023 13:53:47 -0800 Subject: [PATCH 19/25] Bump actions/setup-python from 4 to 5 (#306) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 59d42e4f..2f03bcfb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - uses: actions/cache@v3 From b53ceed6eb47070264d52077b29d4e78fddd82a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Dec 2023 13:54:08 -0800 Subject: [PATCH 20/25] Bump github/codeql-action from 2 to 3 (#309) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 046220f4..0c0dbfa2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -36,10 +36,10 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} config-file: ./.github/codeql-config.yml - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From b66b1e1bb2da340ea2bf7ab8a99a942b6c9ad5fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Dec 2023 14:00:16 -0800 Subject: [PATCH 21/25] Bump werkzeug from 2.3.3 to 3.0.1 (#295) Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.3 to 3.0.1. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/2.3.3...3.0.1) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1b5e88e0..ad8b3b83 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,4 +4,4 @@ itsdangerous==2.1.2 Jinja2==3.1.2 MarkupSafe==2.1.1 redis==5.0.1 -Werkzeug==2.3.3 +Werkzeug==3.0.1 From 7db0be7a90c578b6e11f4ea540da09ce29d94c86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Dec 2023 14:08:29 -0800 Subject: [PATCH 22/25] Bump flask from 2.3.2 to 3.0.0 (#294) Bumps [flask](https://github.com/pallets/flask) from 2.3.2 to 3.0.0. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/flask/compare/2.3.2...3.0.0) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index ad8b3b83..1813bab4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ cryptography==41.0.4 -Flask==2.3.2 +Flask==3.0.0 itsdangerous==2.1.2 Jinja2==3.1.2 MarkupSafe==2.1.1 From 3871c39b05158aaaaba62d52cdf6790db8a636a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 02:24:33 +0000 Subject: [PATCH 23/25] Bump pytest from 7.3.1 to 7.4.4 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to 7.4.4. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.3.1...7.4.4) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index b7191fad..7c2f4fd8 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -2,7 +2,7 @@ coverage==7.2.7 fakeredis==2.20.0 flake8==6.0.0 freezegun==1.2.1 -pytest==7.3.1 +pytest==7.4.4 pytest-cov==4.1.0 tox==4.11.3 bumpversion==0.6.0 From a8e4312a6c16e6a8161a609066b7939f5991598a Mon Sep 17 00:00:00 2001 From: Yuru Shao Date: Tue, 2 Jan 2024 17:17:27 -0800 Subject: [PATCH 24/25] =?UTF-8?q?Bump=20version:=201.6.1=20=E2=86=92=201.6?= =?UTF-8?q?.2=20(#311)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup.cfg | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.cfg b/setup.cfg index 095b615f..632eff56 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 1.6.1 +current_version = 1.6.2 commit = True tag = True files = setup.py diff --git a/setup.py b/setup.py index b4ae3329..44679724 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='snappass', - version='1.6.1', + version='1.6.2', description="It's like SnapChat... for Passwords.", long_description=(open('README.rst').read() + '\n\n' + open('AUTHORS.rst').read()), From 6798a262b36dc57a90191924d1eec8d37a1f1014 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jan 2024 17:46:05 +0000 Subject: [PATCH 25/25] Bump freezegun from 1.2.1 to 1.4.0 Bumps [freezegun](https://github.com/spulec/freezegun) from 1.2.1 to 1.4.0. - [Release notes](https://github.com/spulec/freezegun/releases) - [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG) - [Commits](https://github.com/spulec/freezegun/compare/1.2.1...1.4.0) --- updated-dependencies: - dependency-name: freezegun dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 7c2f4fd8..54432588 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,7 +1,7 @@ coverage==7.2.7 fakeredis==2.20.0 flake8==6.0.0 -freezegun==1.2.1 +freezegun==1.4.0 pytest==7.4.4 pytest-cov==4.1.0 tox==4.11.3