Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update project files #2877

Merged
merged 2 commits into from
Apr 8, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions .devcontainer/on-create-command.sh
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
#!/bin/bash
set -e

python3 -m venv .venv
python3 -m venv --upgrade-deps .venv
. .venv/bin/activate
pip install -U pip
pip install -r requirements/dev.txt
pip install -e .
pre-commit install --install-hooks
2 changes: 1 addition & 1 deletion .editorconfig
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,5 @@ end_of_line = lf
charset = utf-8
max_line_length = 88

[*.{yml,yaml,json,js,css,html}]
[*.{css,html,js,json,jsx,scss,ts,tsx,yaml,yml}]
indent_size = 2
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/bug-report.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ about: Report a bug in Werkzeug (not other projects which depend on Werkzeug)
---

<!--
This issue tracker is a tool to address bugs in Werkzeug itself. Please
use Pallets Discord or Stack Overflow for questions about your own code.
This issue tracker is a tool to address bugs in Werkzeug itself. Please use
GitHub Discussions or the Pallets Discord for questions about your own code.

Replace this comment with a clear outline of what the bug is.
-->
Expand Down
14 changes: 7 additions & 7 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
blank_issues_enabled: false
contact_links:
- name: Security issue
url: security@palletsprojects.com
about: Do not report security issues publicly. Email our security contact.
- name: Questions
url: https://stackoverflow.com/questions/tagged/werkzeug?tab=Frequent
about: Search for and ask questions about your code on Stack Overflow.
- name: Questions and discussions
url: https://github.com/pallets/werkzeug/security/advisories/new
about: Do not report security issues publicly. Create a private advisory.
- name: Questions on Discussions
url: https://github.com/pallets/werkzeug/discussions/
about: Ask questions about your own code on the Discussions tab.
- name: Questions on Chat
url: https://discord.gg/pallets
about: Discuss questions about your code on our Discord chat.
about: Ask questions about your own code on our Discord chat.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/feature-request.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ about: Suggest a new feature for Werkzeug

<!--
Replace this comment with a description of what the feature should do.
Include details such as links relevant specs or previous discussions.
Include details such as links to relevant specs or previous discussions.
-->

<!--
Expand Down
29 changes: 22 additions & 7 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,24 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
day: "monday"
time: "16:00"
timezone: "UTC"
- package-ecosystem: github-actions
directory: /
schedule:
interval: monthly
ignore:
# slsa depends on upload/download v3
- dependency-name: actions/upload-artifact
versions: '>= 4'
- dependency-name: actions/download-artifact
versions: '>= 4'
groups:
github-actions:
patterns:
- '*'
- package-ecosystem: pip
directory: /requirements/
schedule:
interval: monthly
groups:
python-requirements:
patterns:
- '*'
25 changes: 10 additions & 15 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
<!--
Before opening a PR, open a ticket describing the issue or feature the
PR will address. Follow the steps in CONTRIBUTING.rst.
PR will address. An issue is not required for fixing typos in
documentation, or other simple non-code changes.

Replace this comment with a description of the change. Describe how it
addresses the linked ticket.
Expand All @@ -9,22 +10,16 @@ addresses the linked ticket.
<!--
Link to relevant issues or previous PRs, one per line. Use "fixes" to
automatically close an issue.
-->

- fixes #<issue number>
fixes #<issue number>
-->

<!--
Ensure each step in CONTRIBUTING.rst is complete by adding an "x" to
each box below.
Ensure each step in CONTRIBUTING.rst is complete, especially the following:

If only docs were changed, these aren't relevant and can be removed.
- Add tests that demonstrate the correct behavior of the change. Tests
should fail without the change.
- Add or update relevant docs, in the docs folder and in code.
- Add an entry in CHANGES.rst summarizing the change and linking to the issue.
- Add `.. versionchanged::` entries in any relevant code docs.
-->

Checklist:

- [ ] Add tests that demonstrate the correct behavior of the change. Tests should fail without the change.
- [ ] Add or update relevant docs, in the docs folder and in code.
- [ ] Add an entry in `CHANGES.rst` summarizing the change and linking to the issue.
- [ ] Add `.. versionchanged::` entries in any relevant code docs.
- [ ] Run `pre-commit` hooks and fix any issues.
- [ ] Run `pytest` and `tox`, no tests failed.
16 changes: 7 additions & 9 deletions .github/workflows/lock.yaml
Original file line number Diff line number Diff line change
@@ -1,25 +1,23 @@
name: 'Lock threads'
# Lock closed issues that have not received any further activity for
# two weeks. This does not close open issues, only humans may do that.
# We find that it is easier to respond to new issues with fresh examples
# rather than continuing discussions on old issues.
name: Lock inactive closed issues
# Lock closed issues that have not received any further activity for two weeks.
# This does not close open issues, only humans may do that. It is easier to
# respond to new issues with fresh examples rather than continuing discussions
# on old issues.

on:
schedule:
- cron: '0 0 * * *'

permissions:
issues: write
pull-requests: write

concurrency:
group: lock

jobs:
lock:
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21
- uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
with:
issue-inactive-days: 14
pr-inactive-days: 14
discussion-inactive-days: 14
29 changes: 15 additions & 14 deletions .github/workflows/publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ jobs:
outputs:
hash: ${{ steps.hash.outputs.hash }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: '3.x'
cache: 'pip'
cache-dependency-path: 'requirements/*.txt'
cache: pip
cache-dependency-path: requirements*/*.txt
- run: pip install -r requirements/build.txt
# Use the commit date instead of the current date during the build.
- run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
Expand All @@ -23,11 +23,11 @@ jobs:
- name: generate hash
id: hash
run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
path: ./dist
provenance:
needs: ['build']
needs: [build]
permissions:
actions: read
id-token: write
Expand All @@ -39,12 +39,12 @@ jobs:
create-release:
# Upload the sdist, wheels, and provenance to a GitHub release. They remain
# available as build artifacts for a while as well.
needs: ['provenance']
needs: [provenance]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
- name: create release
run: >
gh release create --draft --repo ${{ github.repository }}
Expand All @@ -53,20 +53,21 @@ jobs:
env:
GH_TOKEN: ${{ github.token }}
publish-pypi:
needs: ['provenance']
needs: [provenance]
# Wait for approval before attempting to upload to PyPI. This allows reviewing the
# files in the draft release.
environment: 'publish'
environment:
name: publish
url: https://pypi.org/project/Werkzeug/${{ github.ref_name }}
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
# Try uploading to Test PyPI first, in case something fails.
- uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
- uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
with:
repository-url: https://test.pypi.org/legacy/
packages-dir: artifact/
- uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e
- uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
with:
packages-dir: artifact/
51 changes: 29 additions & 22 deletions .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,42 +9,49 @@ on:
- '*.md'
- '*.rst'
pull_request:
branches:
- main
- '*.x'
paths-ignore:
- 'docs/**'
- '*.md'
- '*.rst'
jobs:
tests:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
name: ${{ matrix.name || matrix.python }}
runs-on: ${{ matrix.os || 'ubuntu-latest' }}
strategy:
fail-fast: false
matrix:
include:
- {name: Linux, python: '3.11', os: ubuntu-latest, tox: py311}
- {name: Windows, python: '3.11', os: windows-latest, tox: py311}
- {name: Mac, python: '3.11', os: macos-latest, tox: py311}
- {name: '3.12-dev', python: '3.12-dev', os: ubuntu-latest, tox: py312}
- {name: '3.10', python: '3.10', os: ubuntu-latest, tox: py310}
- {name: '3.9', python: '3.9', os: ubuntu-latest, tox: py39}
- {name: '3.8', python: '3.8', os: ubuntu-latest, tox: py38}
- {name: 'PyPy', python: 'pypy-3.10', os: ubuntu-latest, tox: pypy310}
- {name: Typing, python: '3.11', os: ubuntu-latest, tox: typing}
- {python: '3.12'}
- {name: Windows, python: '3.12', os: windows-latest}
- {name: Mac, python: '3.12', os: macos-latest}
- {python: '3.11'}
- {python: '3.10'}
- {python: '3.9'}
- {python: '3.8'}
- {name: PyPy, python: 'pypy-3.10', tox: pypy310}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: ${{ matrix.python }}
cache: 'pip'
cache-dependency-path: 'requirements/*.txt'
allow-prereleases: true
cache: pip
cache-dependency-path: requirements*/*.txt
- run: pip install tox
- run: tox run -e ${{ matrix.tox || format('py{0}', matrix.python) }}
typing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: '3.x'
cache: pip
cache-dependency-path: requirements*/*.txt
- name: cache mypy
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ./.mypy_cache
key: mypy|${{ matrix.python }}|${{ hashFiles('pyproject.toml') }}
if: matrix.tox == 'typing'
key: mypy|${{ hashFiles('pyproject.toml') }}
- run: pip install tox
- run: tox run -e ${{ matrix.tox }}
- run: tox run -e typing
10 changes: 5 additions & 5 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
.idea/
.vscode/
.venv*/
venv*/
__pycache__/
dist/
.coverage*
htmlcov/
.pytest_cache/
.tox/
.coverage
.coverage.*
htmlcov/
docs/_build/
dist/
venv/
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@ ci:
autoupdate_schedule: monthly
repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.1.5
rev: v0.3.5
hooks:
- id: ruff
- id: ruff-format
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
rev: v4.6.0
hooks:
- id: check-merge-conflict
- id: debug-statements
Expand Down
4 changes: 2 additions & 2 deletions .readthedocs.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
version: 2
build:
os: ubuntu-20.04
os: ubuntu-22.04
tools:
python: "3.10"
python: '3.12'
python:
install:
- requirements: requirements/docs.txt
Expand Down
4 changes: 2 additions & 2 deletions CHANGES.rst
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ Version 3.0.1
Released 2023-10-24

- Fix slow multipart parsing for large parts potentially enabling DoS
attacks. :cwe:`CWE-407`
attacks.

Version 3.0.0
-------------
Expand All @@ -44,7 +44,7 @@ Version 2.3.8
Released 2023-11-08

- Fix slow multipart parsing for large parts potentially enabling DoS
attacks. :cwe:`CWE-407`
attacks.


Version 2.3.7
Expand Down
File renamed without changes.
Loading