Commit graph

355 commits

Author SHA1 Message Date
Ron Klein
5c9d3bf3cf
properly parse NO_SSL env var (#126)
Bug fix:
The default for `NO_SSL` environment variable is `False`.
When the actual value, in runtime, is `True`, the code "ignores" it.
The reason: the code does not parse the given string. So it evaluates a non empty string as "True".
To resolve this, the suggested code parses the given string to a boolean value.
2020-09-14 08:57:13 -07:00
Yuru Shao
8a3a7f7c39
Bump version: 1.4.2 → 1.4.3 (#123) 2020-05-20 14:33:08 -07:00
Jon Parise
3d86f5395b
Use 'six' to import 'unquote' (#122) 2020-05-08 14:34:41 -07:00
Jon Parise
0ca032265a
Drop official support for Python 3.4 (#121)
Python 3.4 has reached end-of-life so remove it from the set of
officially supported Python versions.
2020-05-08 11:53:18 -07:00
Jeremiah Lee
2af7037feb
Adds option for two-week timeout. (#120)
Also includes:

- Updated the versions in the requirements, as MarkupSafe did not install cleanly.
- Integration test that sets a password via the website, and then
verifies the timeout on the backend.
- Basic Makefile, updates to the docs to use the Makefile.

The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions).
2020-05-08 11:43:54 -07:00
Gabriel Saratura
9cb554ca7e Update ADOPTERS.md (#116)
Add VSHN adopter
2019-12-24 07:28:42 -08:00
Samuel Dion-Girardeau
f377aa3ed2 Add support for Python 3.8 (#115)
* Remove Travis Python 3.7 hack

No longer necessary: 3.7 is supported out-of-the-box

* Add support for Python 3.8

And explicitly document in setup.py

* "Upgrade base Docker image to Python 3.8"a

* Add entry about py38 support in WIP changelog

* Explicitly declare python versions in setup.py

* Bump Werkzeug to 0.15.6

This is the latest 0.15 version. 0.16 might be incompatible

The fix we are looking for is in [0.15.5](http://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-5):

> Fix a TypeError due to changes to ast.Module in Python 3.8.
2019-11-25 08:58:29 -08:00
Jon Parise
e49cd8963a
Mention Snappass.NET (#114)
Also clean up a few existing links.
2019-11-04 08:16:12 -08:00
dependabot[bot]
4acef097e8
Merge pull request #109 from pinterest/dependabot/pip/werkzeug-0.15.3 2019-08-21 20:59:41 +00:00
dependabot[bot]
b3e1068c01
Bump werkzeug from 0.14.1 to 0.15.3
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.14.1 to 0.15.3.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/0.14.1...0.15.3)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-21 16:50:22 +00:00
Jon Parise
28d9e1e089 Move to version 1.5.0 (in development)
Also start the changelog for this next release.
2019-08-09 14:40:07 -07:00
vin01
5747ee2d14 Add url prefix for reverse proxies (#106) 2019-08-09 14:07:49 -07:00
vin01
054c61ae89 Migrate to fakeredis from mockredispy (#108) 2019-08-09 08:37:03 -07:00
Nicholas Charriere
f7fbb4575c
Merge pull request #104 from pinterest/new-release-142
Prepare for release: 1.4.2
2019-06-10 08:49:03 -07:00
Nicholas Charriere
234f43b889 Bump version: 1.4.1 → 1.4.2 2019-06-05 08:18:28 -07:00
Nicholas Charriere
e0b996d3d3 Make current version correct 2019-06-02 12:36:43 -07:00
Nicholas Charriere
6e6612cd49 Remove duplicate bumpversion config 2019-06-02 12:34:14 -07:00
Nicholas Charriere
f0f2c9d5d8
Merge pull request #103 from pinterest/autocomplete-off-and-required-textarea
Set autocomplete=off on form to avoid back history; make textarea field required
2019-06-01 11:56:02 -07:00
Nicholas Charriere
37f5d2b658 Set autocomplete=off on form to avoid back history; make textarea required 2019-06-01 09:34:58 -07:00
Jon Parise
2aa7272a59
Upgrade to Jinja2 2.10.1 (#101)
This patch release fixes a security issue (CVE-2019-10906) involving
str.format_map.
2019-04-12 13:26:46 -07:00
Lauri Lubi
1ac262e34e Bots that prefetch should not destroy the secret (#100)
* Create preview view, remove sneaky-user-agents logic

* unit tests

* rename openSecret to viewSecret

* code clean-up and style

* rename view secret to reveal secret

* update authors list

* bump version to 1.5.0
2019-03-05 07:47:07 -08:00
Jon Parise
d4c96cf58a
Merge pull request #99 from jameswthorne/readme-fixes
README fixes
2019-01-16 12:47:25 -08:00
James W Thorne
3fc5d2b864 README fixes 2019-01-16 08:11:56 -06:00
Jon Parise
ecebbcb71f
Merge pull request #98 from brennentsmith/patch-1
Add Ookla/Speedtest.net to adopters
2018-12-21 10:27:29 -08:00
Brennen Smith
0c77baa581
Add Ookla to adopters
We have used snappass since it was first open sourced, and everyone in the organization loves it. Not sure about the A-Z ordering WRT to Pinterest, it feels like you should be on top since it's your project.
2018-12-21 10:21:28 -08:00
Jon Parise
52aefd6ce3
Merge pull request #97 from pinterest/prepare-1.4.1
Prepare the 1.4.1 release
2018-10-31 17:54:14 -05:00
Jon Parise
0bd2b4e8d9 Prepare the 1.4.1 release
- Update the changelog
- Include our Code of Conduct and Adopters documents
2018-10-31 15:50:49 -07:00
Jon Parise
95c9ecc7d0
Merge pull request #96 from pinterest/python-3.7
Build on Python 3.7 and cache pip artifacts
2018-10-31 13:18:13 -05:00
Jon Parise
166a73b0dd Only build on the master branch
PR branches will still be built and tested.
2018-10-31 11:03:42 -07:00
Jon Parise
5894033692 Build on Python 3.7 and cache pip artifacts
This uses the well-established workaround to get Python 3.7 working on
Travis.
2018-10-31 10:53:18 -07:00
Jon Parise
7eee21f413
Merge pull request #95 from pinterest/cryptography-2.3.1
Upgrade to cryptography 2.3.1
2018-10-31 12:51:05 -05:00
Jon Parise
30db653f14 Upgrade to cryptography 2.3.1
This addresses CVE-2018-10903:

    A flaw was found in python-cryptography versions between >=1.9.0 and
    <2.3. The finalize_with_tag API did not enforce a minimum tag
    length. If a user did not validate the input length prior to passing
    it to finalize_with_tag an attacker could craft an invalid payload
    with a shortened tag (e.g. 1 byte) such that they would have a 1 in
    256 chance of passing the MAC check. GCM tag forgeries can cause key
    leakage.

... although snappass isn't affected because we doesn't use the
vulnerable `finalize_with_tag` API.
2018-10-31 09:39:18 -07:00
Nicholas Charriere
06149b81e8
Merge pull request #94 from gstackio/fix-restructured-text-syntax
Fix reST syntax for fixed-with text
2018-08-12 18:09:57 -07:00
Benjamin Gandon
921492733b Fix reST syntax for fixed-with text 2018-08-12 23:45:49 +02:00
Nicholas Charriere
2b53eed348
Merge pull request #90 from samueldg/feature/support-python37
Feature/support python37
2018-07-15 20:12:20 -07:00
Samuel Dion-Girardeau
867dc24f83 Temporarily disable Python 3.7 from Travis build
Currently Travis doesn't support Python 3.7 yet,
but this should be addressed soon:

    https://github.com/travis-ci/travis-ci/issues/9815
2018-07-14 16:28:15 -04:00
Samuel Dion-Girardeau
0f1cc0900c Align docs with actual base image pulled 2018-07-12 21:54:54 -04:00
Samuel Dion-Girardeau
73c220be97 Update Docker image to Python 3.7 (current latest)
Also used the "slim" version, which will drastically reduce the
image size.

Base image sizes comparison:

| python:3.7-slim | 143MB |
| python:3.7      | 916MB |
2018-07-12 21:27:32 -04:00
Samuel Dion-Girardeau
59196bea40 Update Trove classifier to include Python 3.7 2018-07-12 21:25:10 -04:00
Samuel Dion-Girardeau
2c334fc19f Update tests to run using Python 3.7 2018-07-12 21:24:27 -04:00
Samuel Dion-Girardeau
5981884cd2 Update all Python requirements to latest stable
All PyPI packages now have the latest version available.
2018-07-12 21:23:25 -04:00
Nicholas Charriere
b45312c650
Merge pull request #89 from brennentsmith/master
Use local assets for fontawesome for isolated environments.
2018-07-07 10:47:52 -07:00
Brennen Smith
25e10ef8a1 Use local assets for fontawesome for isolated environments.
Currently FontAwesome uses Cloudflare to serve font assets, however all
of the other assets are delivered locally. This standardizes the assets
to use all local assets from `/static/`.
2018-07-05 16:43:14 -07:00
Nicholas Charriere
798f358ed6
Merge pull request #88 from pinterest/new-release-140
New release 140
2018-07-03 08:38:07 -07:00
Nicholas Charriere
fb9974cbd5 Add changelog for 1.4.0 2018-07-03 08:30:22 -07:00
Nicholas Charriere
04ead0da32 Bump version: 1.3.0 → 1.4.0 2018-07-03 08:22:23 -07:00
Nicholas Charriere
47565b3831
Merge pull request #87 from pinterest/prefix-redis
Add prefix to redis
2018-07-03 08:13:35 -07:00
Nicholas Charriere
76962f8d8c Add REDIS_PREFIX documentation 2018-07-01 10:25:55 -07:00
Nicholas Charriere
386a378c5d Add prefix to memcache 2018-07-01 10:19:56 -07:00
Nicholas Charriere
a42815d17e
Merge pull request #84 from pinterest/shameless-hiring-plug
Add hiring plug in readme
2018-06-16 10:17:16 -07:00