From 1e2ae83e179ed0af01abb526ee56731218e88a89 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Sep 2022 10:13:59 +0000
Subject: [PATCH 01/22] Bump black from 22.6.0 to 22.8.0
Bumps [black](https://github.com/psf/black) from 22.6.0 to 22.8.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.6.0...22.8.0)
---
updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index 616a440..ca98ba4 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
 bandit==1.7.4
-black==22.6.0
+black==22.8.0
 flake8==5.0.4
 isort==5.10.1
 pydocstyle[toml]==6.1.1
From 51a2b7e2416807800ad10957b43082646b49b418 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Sep 2022 10:14:00 +0000
Subject: [PATCH 02/22] Bump uglify-js from 3.17.0 to 3.17.2
Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.17.0 to 3.17.2.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.17.0...v3.17.2)
---
updated-dependencies: - dependency-name: uglify-js dependency-type: direct:development update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 43d30f6..3438613 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2214,9 +2214,9 @@ } }, "node_modules/uglify-js": { - "version": "3.17.0", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.0.tgz", - "integrity": "sha512-aTeNPVmgIMPpm1cxXr2Q/nEbvkmV8yq66F3om7X3P/cvOXQ0TMQ64Wk63iyT1gPlmdmGzjGpyLh1f3y8MZWXGg==", + "version": "3.17.2", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.2.tgz", + "integrity": "sha512-bbxglRjsGQMchfvXZNusUcYgiB9Hx2K4AHYXQy2DITZ9Rd+JzhX7+hoocE5Winr7z2oHvPsekkBwXtigvxevXg==", "dev": true, "bin": { "uglifyjs": "bin/uglifyjs" @@ -3917,9 +3917,9 @@ "dev": true }, "uglify-js": { - "version": "3.17.0", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.0.tgz", - "integrity": "sha512-aTeNPVmgIMPpm1cxXr2Q/nEbvkmV8yq66F3om7X3P/cvOXQ0TMQ64Wk63iyT1gPlmdmGzjGpyLh1f3y8MZWXGg==", + "version": "3.17.2", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.2.tgz", + "integrity": "sha512-bbxglRjsGQMchfvXZNusUcYgiB9Hx2K4AHYXQy2DITZ9Rd+JzhX7+hoocE5Winr7z2oHvPsekkBwXtigvxevXg==", "dev": true }, "unbox-primitive": { From 8637e505991075863eb54842fbbaf67e6dd6f9a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Oct 2022 10:21:14 +0000 Subject: [PATCH 03/22] Bump black from 22.8.0 to 22.10.0 Bumps [black](https://github.com/psf/black) from 22.8.0 to 22.10.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/22.8.0...22.10.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linter-requirements.txt b/linter-requirements.txt index ca98ba4..c3083bc 100644 --- a/linter-requirements.txt +++ b/linter-requirements.txt 
@@ -1,5 +1,5 @@ bandit==1.7.4 -black==22.8.0 +black==22.10.0 flake8==5.0.4 isort==5.10.1 pydocstyle[toml]==6.1.1 From 3e17d58d523323cf60476478119e65e73b514d7b Mon Sep 17 00:00:00 2001 From: Johannes Maron Date: Fri, 14 Oct 2022 10:38:45 +0200 Subject: [PATCH 04/22] Update SECURITY.md --- SECURITY.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2c46f81..cf70d2e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -42,8 +42,13 @@ not escape and access any files but the one uploaded by the attacker. ## Reporting a Vulnerability -NEVER open an issue or discussion to report a vulnerability. Please contact one of the -maintainers of the project either via email or Telegram: +NEVER open an issue or discussion to report a vulnerability. + +To report a security vulnerability, please use the +[Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. + +You may also contact one of the maintainers of the project either via email or Telegram: * Email: [johannes@maron.family](mailto:johannes@maron.family) * Telegram: [@codingjoe](https://t.me/codingjoe) From b129068adf1e50ac157675661abc6a67b52c8475 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 10:04:55 +0000 Subject: [PATCH 05/22] Bump uglify-js from 3.17.2 to 3.17.3 Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.17.2 to 3.17.3. - [Release notes](https://github.com/mishoo/UglifyJS/releases) - [Commits](https://github.com/mishoo/UglifyJS/compare/v3.17.2...v3.17.3) --- updated-dependencies: - dependency-name: uglify-js dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3438613..5526174 100644 --- a/package-lock.json 
+++ b/package-lock.json @@ -2214,9 +2214,9 @@ } }, "node_modules/uglify-js": { - "version": "3.17.2", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.2.tgz", - "integrity": "sha512-bbxglRjsGQMchfvXZNusUcYgiB9Hx2K4AHYXQy2DITZ9Rd+JzhX7+hoocE5Winr7z2oHvPsekkBwXtigvxevXg==", + "version": "3.17.3", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.3.tgz", + "integrity": "sha512-JmMFDME3iufZnBpyKL+uS78LRiC+mK55zWfM5f/pWBJfpOttXAqYfdDGRukYhJuyRinvPVAtUhvy7rlDybNtFg==", "dev": true, "bin": { "uglifyjs": "bin/uglifyjs" @@ -3917,9 +3917,9 @@ "dev": true }, "uglify-js": { - "version": "3.17.2", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.2.tgz", - "integrity": "sha512-bbxglRjsGQMchfvXZNusUcYgiB9Hx2K4AHYXQy2DITZ9Rd+JzhX7+hoocE5Winr7z2oHvPsekkBwXtigvxevXg==", + "version": "3.17.3", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.3.tgz", + "integrity": "sha512-JmMFDME3iufZnBpyKL+uS78LRiC+mK55zWfM5f/pWBJfpOttXAqYfdDGRukYhJuyRinvPVAtUhvy7rlDybNtFg==", "dev": true }, "unbox-primitive": { From 6f3ab7042d8875505e54b4d8a6b942b90c234510 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 10:06:06 +0000 Subject: [PATCH 06/22] Bump uglify-js from 3.17.3 to 3.17.4 Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.17.3 to 3.17.4. - [Release notes](https://github.com/mishoo/UglifyJS/releases) - [Commits](https://github.com/mishoo/UglifyJS/compare/v3.17.3...v3.17.4) --- updated-dependencies: - dependency-name: uglify-js dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5526174..796f0be 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -2214,9 +2214,9 @@ } }, "node_modules/uglify-js": { - "version": "3.17.3", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.3.tgz", - "integrity": "sha512-JmMFDME3iufZnBpyKL+uS78LRiC+mK55zWfM5f/pWBJfpOttXAqYfdDGRukYhJuyRinvPVAtUhvy7rlDybNtFg==", + "version": "3.17.4", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.4.tgz", + "integrity": "sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==", "dev": true, "bin": { "uglifyjs": "bin/uglifyjs" @@ -3917,9 +3917,9 @@ "dev": true }, "uglify-js": { - "version": "3.17.3", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.3.tgz", - "integrity": "sha512-JmMFDME3iufZnBpyKL+uS78LRiC+mK55zWfM5f/pWBJfpOttXAqYfdDGRukYhJuyRinvPVAtUhvy7rlDybNtFg==", + "version": "3.17.4", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.4.tgz", + "integrity": "sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==", "dev": true }, "unbox-primitive": { From 407a9960c3878301184e3acdc947201720571b0c Mon Sep 17 00:00:00 2001 From: Johannes Maron Date: Tue, 22 Nov 2022 16:57:57 +0100 Subject: [PATCH 07/22] Update official version support * Add Python 3.11 * Add Django 4.2 * Drop Python 3.8 --- .github/workflows/ci.yml | 9 +++++---- .github/workflows/release.yml | 2 +- pyproject.toml | 5 +++-- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 64c7454..e064a68 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.x" - uses: actions/checkout@v3 - run: python -m pip install --upgrade pip build wheel twine - run: python -m build --sdist --wheel 
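Review bot: `python-version: "3.x"` in the job that runs `python -m build --sdist --wheel` floats to whichever CPython the runner resolves at run time, so the distribution is no longer built on a known interpreter; the same switch is made in the lint job and in release.yml later in this patch. For the jobs that produce or publish artifacts, a fixed minor such as `python-version: "3.11"` (the newest version this commit adds to the test matrix) makes a toolchain change an explicit, reviewable commit. The `uses:` lines in the context reference actions by mutable tag (`@v4`, `@v3`); pinning them to a full commit SHA is the usual hardening for a workflow that builds release artifacts. The job definition starts and ends outside the hunk.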
@@ -51,7 +51,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.x" cache: 'pip' cache-dependency-path: 'linter-requirements.txt' - run: python -m pip install -r linter-requirements.txt @@ -66,12 +66,13 @@ jobs: strategy: matrix: python-version: - - "3.8" - "3.9" - "3.10" + - "3.11" django-version: - "3.2" - "4.0" + - "4.1" steps: - uses: actions/checkout@v3 - name: Set up Python ${{ matrix.python-version }} @@ -90,7 +91,7 @@ jobs: unzip chromedriver_linux64.zip -d bin - run: python -m pip install .[test] codecov - - run: python -m pip install django~=${{ matrix.django-version }} + - run: python -m pip install django~=${{ matrix.django-version }}.0 - run: python -m pytest env: PATH: $PATH:$(pwd)/bin diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c43eb28..fdc768f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.x" - run: python -m pip install --upgrade pip build wheel twine - uses: actions/setup-node@v3 - name: Install Node dependencies diff --git a/pyproject.toml b/pyproject.toml index 1c6f295..2ab4a6f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -21,14 +21,15 @@ classifiers = [ "Topic :: Software Development", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", - "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Framework :: Django", "Framework :: Django :: 3.2", "Framework :: Django :: 4.0", + "Framework :: Django :: 4.1", ] -requires-python = ">=3.8" +requires-python = ">=3.9" dependencies = [ "django>=2.0", "django-storages", From 494ec5799601b8b37f295cda5cafb28670761eca Mon Sep 17 00:00:00 2001 
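Review bot: The matrix hunk adds `- "4.1"` while the commit message announces Django 4.2, so either the message or the matrix entry (and the matching `Framework :: Django :: 4.1` classifier in pyproject.toml) is off by one release. The `.0` suffix in `django~=${{ matrix.django-version }}.0` is the important part of the install step and deserves a comment, for example `# ~=X.Y.0 stays inside the X.Y series; ~=X.Y would accept any later X.* release`, so that a later edit does not quietly make the 4.0 cell test a newer Django. The job definition starts outside the hunk.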
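Review bot: The pyproject.toml hunk raises `requires-python` to `>=3.9` but leaves the context line `"django>=2.0",` untouched, so the package still declares itself installable on Django releases that are not in the CI matrix (3.2, 4.0, 4.1) and that no longer receive upstream security fixes. Aligning the floor with the oldest tested series, `"django>=3.2",`, keeps the declared support equal to what is actually exercised. The `dependencies` list is closed inside the hunk, but the surrounding `[project]` table starts outside it.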
From: Johannes Maron Date: Tue, 22 Nov 2022 17:06:09 +0100 Subject: [PATCH 08/22] Add CodeQL to CI suite --- .github/workflows/ci.yml | 34 ++++++++++++++++++++++++++++++++++ tests/testapp/views.py | 2 +- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e064a68..d2010bb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -96,3 +96,37 @@ jobs: env: PATH: $PATH:$(pwd)/bin - run: codecov + + analyze: + name: CodeQL Analyze + needs: + - pytest + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ javascript, python ] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + if: ${{ matrix.language == 'javascript' || matrix.language == 'python' }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{ matrix.language }}" diff --git a/tests/testapp/views.py b/tests/testapp/views.py index 22835e9..da3b87e 100644 --- a/tests/testapp/views.py +++ b/tests/testapp/views.py @@ -10,7 +10,7 @@ class FileEncoder(DjangoJSONEncoder): def default(self, o): if isinstance(o, File): return o.name - super().default(o) + return super().default(o) class ExampleFormView(generic.FormView): From f8f8e49c772be29f61c0b5325d3d9d233cfc237d Mon Sep 17 00:00:00 2001 
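Review bot: `needs: - pytest` in the new `analyze` job makes CodeQL wait for the whole test matrix and skips it whenever any matrix cell fails, so a push with a red test run uploads no security results at all; static analysis does not consume the test output and can run in parallel if the `needs:` block is dropped. The `if:` on the Autobuild step is always true for the declared matrix (`javascript`, `python`) and can be removed. The job-level `permissions` block (`actions: read`, `contents: read`, `security-events: write`) is the right least-privilege shape; workflow-level defaults sit outside this hunk, so whether the other jobs are equally restricted cannot be seen here.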
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Nov 2022 10:02:21 +0000
Subject: [PATCH 09/22] Bump flake8 from 5.0.4 to 6.0.0
Bumps [flake8](https://github.com/pycqa/flake8) from 5.0.4 to 6.0.0.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](https://github.com/pycqa/flake8/compare/5.0.4...6.0.0)
---
updated-dependencies: - dependency-name: flake8 dependency-type: direct:production update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index c3083bc..93e37ff 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
 bandit==1.7.4
 black==22.10.0
-flake8==5.0.4
+flake8==6.0.0
 isort==5.10.1
 pydocstyle[toml]==6.1.1
From ef7fa0a1fee0261a17dbdec19ce8301e167d02bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Dec 2022 10:03:13 +0000
Subject: [PATCH 10/22] Bump black from 22.10.0 to 22.12.0
Bumps [black](https://github.com/psf/black) from 22.10.0 to 22.12.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.10.0...22.12.0)
---
updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index 93e37ff..d38589e 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
 bandit==1.7.4
-black==22.10.0
+black==22.12.0
 flake8==6.0.0
 isort==5.10.1
 pydocstyle[toml]==6.1.1
From 573f41fa00bf7f6b5525c9c525a52ce6e829ae9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Dec 2022 10:02:39 +0000
Subject: [PATCH 11/22] Bump isort from 5.10.1 to 5.11.1
Bumps [isort](https://github.com/pycqa/isort) from 5.10.1 to 5.11.1.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.10.1...5.11.1)
---
updated-dependencies: - dependency-name: isort dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index d38589e..48d55e8 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
 bandit==1.7.4
 black==22.12.0
 flake8==6.0.0
-isort==5.10.1
+isort==5.11.1
 pydocstyle[toml]==6.1.1
From 03b7344aa17b18d4ecd17c6b649db8ca07465fad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Dec 2022 10:03:06 +0000
Subject: [PATCH 12/22] Bump isort from 5.11.1 to 5.11.2
Bumps [isort](https://github.com/pycqa/isort) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.11.1...5.11.2)
---
updated-dependencies: - dependency-name: isort dependency-type: direct:production update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index 48d55e8..6b59e8f 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
 bandit==1.7.4
 black==22.12.0
 flake8==6.0.0
-isort==5.11.1
+isort==5.11.2
 pydocstyle[toml]==6.1.1
From df1b4df99b51990612538fffb75ab4c2297a1dcd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Dec 2022 10:03:25 +0000
Subject: [PATCH 13/22] Bump isort from 5.11.2 to 5.11.4
Bumps [isort](https://github.com/pycqa/isort) from 5.11.2 to 5.11.4.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.11.2...5.11.4)
---
updated-dependencies: - dependency-name: isort dependency-type: direct:production update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index 6b59e8f..f4fd0e4 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
 bandit==1.7.4
 black==22.12.0
 flake8==6.0.0
-isort==5.11.2
+isort==5.11.4
 pydocstyle[toml]==6.1.1
From 47ad857dde5702da6c0bb0bac2df9c668d6cb00e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Jan 2023 10:02:40 +0000
Subject: [PATCH 14/22] Bump pydocstyle[toml] from 6.1.1 to 6.2.2
Bumps [pydocstyle[toml]](https://github.com/PyCQA/pydocstyle) from 6.1.1 to 6.2.2.
- [Release notes](https://github.com/PyCQA/pydocstyle/releases)
- [Changelog](https://github.com/PyCQA/pydocstyle/blob/master/docs/release_notes.rst)
- [Commits](https://github.com/PyCQA/pydocstyle/compare/6.1.1...6.2.2)
---
updated-dependencies: - dependency-name: pydocstyle[toml] dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index f4fd0e4..6523f5c 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -2,4 +2,4 @@ bandit==1.7.4 black==22.12.0 flake8==6.0.0 isort==5.11.4 -pydocstyle[toml]==6.1.1 +pydocstyle[toml]==6.2.2 From e837d59f2d7330d5a0a693f18e031da0f13840bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Jan 2023 16:43:23 +0000 Subject: [PATCH 15/22] Bump json5 from 1.0.1 to 1.0.2 Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 796f0be..65897fd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1414,9 +1414,9 @@ "dev": true }, "node_modules/json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", "dev": true, "dependencies": { "minimist": "^1.2.0" @@ -3345,9 +3345,9 @@ "dev": true }, "json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", "dev": true, "requires": { "minimist": "^1.2.0" 
From a905c72f19ad386f67e8922b969ba3bc99bbbcf8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jan 2023 10:04:34 +0000
Subject: [PATCH 16/22] Bump pydocstyle[toml] from 6.2.2 to 6.2.3
Bumps [pydocstyle[toml]](https://github.com/PyCQA/pydocstyle) from 6.2.2 to 6.2.3.
- [Release notes](https://github.com/PyCQA/pydocstyle/releases)
- [Changelog](https://github.com/PyCQA/pydocstyle/blob/master/docs/release_notes.rst)
- [Commits](https://github.com/PyCQA/pydocstyle/compare/6.2.2...6.2.3)
---
updated-dependencies: - dependency-name: pydocstyle[toml] dependency-type: direct:production update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index 6523f5c..b769726 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -2,4 +2,4 @@ bandit==1.7.4
 black==22.12.0
 flake8==6.0.0
 isort==5.11.4
-pydocstyle[toml]==6.2.2
+pydocstyle[toml]==6.2.3
From c9d5ead0958f2f80abcf8b5b8aab790bd0e18c17 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Jan 2023 10:02:35 +0000
Subject: [PATCH 17/22] Bump pydocstyle[toml] from 6.2.3 to 6.3.0
Bumps [pydocstyle[toml]](https://github.com/PyCQA/pydocstyle) from 6.2.3 to 6.3.0.
- [Release notes](https://github.com/PyCQA/pydocstyle/releases)
- [Changelog](https://github.com/PyCQA/pydocstyle/blob/master/docs/release_notes.rst)
- [Commits](https://github.com/PyCQA/pydocstyle/compare/6.2.3...6.3.0)
---
updated-dependencies: - dependency-name: pydocstyle[toml] dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index b769726..d59f7c6 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -2,4 +2,4 @@ bandit==1.7.4
 black==22.12.0
 flake8==6.0.0
 isort==5.11.4
-pydocstyle[toml]==6.2.3
+pydocstyle[toml]==6.3.0
From d1f68af465689c75df9236cd03d50507d6c37bae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jan 2023 10:03:19 +0000
Subject: [PATCH 18/22] Bump isort from 5.11.4 to 5.12.0
Bumps [isort](https://github.com/pycqa/isort) from 5.11.4 to 5.12.0.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.11.4...5.12.0)
---
updated-dependencies: - dependency-name: isort dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index d59f7c6..6fec005 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
 bandit==1.7.4
 black==22.12.0
 flake8==6.0.0
-isort==5.11.4
+isort==5.12.0
 pydocstyle[toml]==6.3.0
From 26569b6190af3681abfb7c748226360ce1ddafa0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Feb 2023 14:58:57 +0000
Subject: [PATCH 19/22] Bump black from 22.12.0 to 23.1.0
Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0)
---
updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 linter-requirements.txt | 2 +-
 s3file/middleware.py | 1 -
 tests/test_views.py | 1 -
 3 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/linter-requirements.txt b/linter-requirements.txt index 6fec005..649a6a1 100644 --- a/linter-requirements.txt +++ b/linter-requirements.txt @@ -1,5 +1,5 @@ bandit==1.7.4 -black==22.12.0 +black==23.1.0 flake8==6.0.0 isort==5.12.0 pydocstyle[toml]==6.3.0 diff --git a/s3file/middleware.py b/s3file/middleware.py index 9de8c6e..d0e1e6b 100644 --- a/s3file/middleware.py +++ b/s3file/middleware.py @@ -18,7 +18,6 @@ def __init__(self, get_response): def __call__(self, request): file_fields = request.POST.getlist("s3file") for field_name in file_fields: - paths = request.POST.getlist(field_name) if paths: try: diff --git a/tests/test_views.py b/tests/test_views.py index 63c67a7..d84d558 100644 --- a/tests/test_views.py +++ b/tests/test_views.py @@ -39,7 +39,6 @@ def test_post__created(self, client, upload_file): assert response.status_code == http.HTTPStatus.CREATED def test_post__bad_signature(self, client, upload_file): - bad_signature = base64.b64encode( hmac.new(b"eve", (self.policy + self.date).encode(), "sha256").digest() ).decode() From 2011747af69fdbf97afd5921e1f6588ce22b471a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Mar 2023 10:58:19 +0000 Subject: [PATCH 20/22] Bump bandit from 1.7.4 to 1.7.5 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linter-requirements.txt b/linter-requirements.txt index 649a6a1..fc6e8bc 100644 --- a/linter-requirements.txt +++ b/linter-requirements.txt @@ -1,4 +1,4 @@ -bandit==1.7.4 +bandit==1.7.5 black==23.1.0 flake8==6.0.0 isort==5.12.0 
From d7ef7d523bcccca63458b5f938154b64726aceff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 10:57:54 +0000 Subject: [PATCH 21/22] Bump black from 23.1.0 to 23.3.0 Bumps [black](https://github.com/psf/black) from 23.1.0 to 23.3.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/23.1.0...23.3.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linter-requirements.txt b/linter-requirements.txt index fc6e8bc..3523059 100644 --- a/linter-requirements.txt +++ b/linter-requirements.txt @@ -1,5 +1,5 @@ bandit==1.7.5 -black==23.1.0 +black==23.3.0 flake8==6.0.0 isort==5.12.0 pydocstyle[toml]==6.3.0 From 660d079a445bf45818035092cdb97664d8a03433 Mon Sep 17 00:00:00 2001 From: Andrew Simmons Date: Fri, 31 Mar 2023 11:55:17 -0400 Subject: [PATCH 22/22] Replace call to self._clean_name with clean_name (#252) * Replace call to self._clean_name with clean_name * Require django-storages>=1.6 clean_name utility function was first made available in version 1.6 --- pyproject.toml | 2 +- s3file/storages_optimized.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 2ab4a6f..0e3a761 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -32,7 +32,7 @@ classifiers = [ requires-python = ">=3.9" dependencies = [ "django>=2.0", - "django-storages", + "django-storages>=1.6", "boto3", ] diff --git a/s3file/storages_optimized.py b/s3file/storages_optimized.py index dbf39d9..e1a0597 100644 --- a/s3file/storages_optimized.py +++ b/s3file/storages_optimized.py 
@@ -1,4 +1,5 @@ from storages.backends.s3boto3 import S3Boto3Storage +from storages.utils import clean_name class S3OptimizedUploadStorage(S3Boto3Storage): @@ -16,7 +17,7 @@ class S3OptimizedUploadStorage(S3Boto3Storage): def _save(self, name, content): # Basically copy the implementation of _save of S3Boto3Storage # and replace the obj.upload_fileobj with a copy function - cleaned_name = self._clean_name(name) + cleaned_name = clean_name(name) name = self._normalize_name(cleaned_name) params = self._get_write_parameters(name, content) pFad - Phonifier reborn
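Review bot: `_save` still calls two other private members of `S3Boto3Storage` right after the changed line, `self._normalize_name` and `self._get_write_parameters`, so the breakage this commit repairs for `_clean_name` can recur on the next django-storages refactor, and pyproject.toml only sets a floor (`django-storages>=1.6`). Name cleaning plus normalisation is, in upstream django-storages, what keeps the object key inside the configured storage location, so this override should carry a regression test that passes a name containing `../` segments to `_save` and asserts the resulting key cannot leave the location. A comment above the call would also help, for example `# clean_name + _normalize_name confine the key to the storage location; keep both when syncing with upstream _save`. The body of `_save` continues past the end of the hunk.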
