Christian
9e33a8f7c1
Bump to Version 1.5.1 ( #148 )
2022-05-11 14:43:23 -07:00
Christian
3fbc018ff8
Adding json-output for api-like functionality ( #147 )
...
* adding json-template for api-like functionality
* removing content-block
* adding test
* changing to flask.jsonify
* deleting template
* change from POST-param to Accept-Header
2022-04-11 12:37:19 -07:00
Jon Parise
4b1ee0cec1
Small wording tweaks to the expiration text
2021-12-20 13:05:51 -08:00
Arjen
654d03041b
Add expired explanation page ( #145 )
2021-12-20 13:05:14 -08:00
Omer Hamerman
40df900dc7
Allowing full host override ( #143 )
2021-07-29 10:39:47 -07:00
dependabot[bot]
89a90f4924
Merge pull request #139 from pinterest/dependabot/pip/jinja2-2.11.3
2021-03-19 22:24:12 +00:00
dependabot[bot]
188f0f6779
Bump jinja2 from 2.10.1 to 2.11.3
...
Bumps [jinja2](https://github.com/pallets/jinja ) from 2.10.1 to 2.11.3.
- [Release notes](https://github.com/pallets/jinja/releases )
- [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst )
- [Commits](https://github.com/pallets/jinja/compare/2.10.1...2.11.3 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-19 21:58:30 +00:00
dependabot[bot]
9916076100
Merge pull request #138 from pinterest/dependabot/pip/cryptography-3.3.2
2021-02-10 01:37:24 +00:00
dependabot[bot]
5dc2161a5d
Bump cryptography from 3.2 to 3.3.2
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-10 01:36:07 +00:00
Jon Parise
a94e16802d
Note that Redis must be running
...
Also, fix Redis link syntax (for reStucturedText).
2021-01-12 13:47:28 -08:00
Jon Parise
6a349e83c0
Link to redis.io and bump Python requirement to 3.5+
2021-01-12 13:45:02 -08:00
dependabot[bot]
9ea826ef7c
Merge pull request #129 from pinterest/dependabot/pip/cryptography-3.2
2020-10-28 17:48:00 +00:00
dependabot[bot]
50ef7bef82
Bump cryptography from 2.3.1 to 3.2
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 2.3.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/2.3.1...3.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-10-27 21:00:15 +00:00
Jon Parise
feab2f69a5
Prepare the 1.5.0 release ( #127 )
2020-09-15 09:22:49 -07:00
Ron Klein
5c9d3bf3cf
properly parse NO_SSL env var ( #126 )
...
Bug fix:
The default for `NO_SSL` environment variable is `False`.
When the actual value, in runtime, is `True`, the code "ignores" it.
The reason: the code does not parse the given string. So it evaluates a non empty string as "True".
To resolve this, the suggested code parses the given string to a boolean value.
2020-09-14 08:57:13 -07:00
Yuru Shao
8a3a7f7c39
Bump version: 1.4.2 → 1.4.3 ( #123 )
2020-05-20 14:33:08 -07:00
Jon Parise
3d86f5395b
Use 'six' to import 'unquote' ( #122 )
2020-05-08 14:34:41 -07:00
Jon Parise
0ca032265a
Drop official support for Python 3.4 ( #121 )
...
Python 3.4 has reached end-of-life so remove it from the set of
officially supported Python versions.
2020-05-08 11:53:18 -07:00
Jeremiah Lee
2af7037feb
Adds option for two-week timeout. ( #120 )
...
Also includes:
- Updated the versions in the requirements, as MarkupSafe did not install cleanly.
- Integration test that sets a password via the website, and then
verifies the timeout on the backend.
- Basic Makefile, updates to the docs to use the Makefile.
The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions).
2020-05-08 11:43:54 -07:00
Gabriel Saratura
9cb554ca7e
Update ADOPTERS.md ( #116 )
...
Add VSHN adopter
2019-12-24 07:28:42 -08:00
Samuel Dion-Girardeau
f377aa3ed2
Add support for Python 3.8 ( #115 )
...
* Remove Travis Python 3.7 hack
No longer necessary: 3.7 is supported out-of-the-box
* Add support for Python 3.8
And explicitly document in setup.py
* "Upgrade base Docker image to Python 3.8"a
* Add entry about py38 support in WIP changelog
* Explicitly declare python versions in setup.py
* Bump Werkzeug to 0.15.6
This is the latest 0.15 version. 0.16 might be incompatible
The fix we are looking for is in [0.15.5](http://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-5 ):
> Fix a TypeError due to changes to ast.Module in Python 3.8.
2019-11-25 08:58:29 -08:00
Jon Parise
e49cd8963a
Mention Snappass.NET ( #114 )
...
Also clean up a few existing links.
2019-11-04 08:16:12 -08:00
dependabot[bot]
4acef097e8
Merge pull request #109 from pinterest/dependabot/pip/werkzeug-0.15.3
2019-08-21 20:59:41 +00:00
dependabot[bot]
b3e1068c01
Bump werkzeug from 0.14.1 to 0.15.3
...
Bumps [werkzeug](https://github.com/pallets/werkzeug ) from 0.14.1 to 0.15.3.
- [Release notes](https://github.com/pallets/werkzeug/releases )
- [Changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst )
- [Commits](https://github.com/pallets/werkzeug/compare/0.14.1...0.15.3 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-08-21 16:50:22 +00:00
Jon Parise
28d9e1e089
Move to version 1.5.0 (in development)
...
Also start the changelog for this next release.
2019-08-09 14:40:07 -07:00
vin01
5747ee2d14
Add url prefix for reverse proxies ( #106 )
2019-08-09 14:07:49 -07:00
vin01
054c61ae89
Migrate to fakeredis from mockredispy ( #108 )
2019-08-09 08:37:03 -07:00
Nicholas Charriere
f7fbb4575c
Merge pull request #104 from pinterest/new-release-142
...
Prepare for release: 1.4.2
2019-06-10 08:49:03 -07:00
Nicholas Charriere
234f43b889
Bump version: 1.4.1 → 1.4.2
2019-06-05 08:18:28 -07:00
Nicholas Charriere
e0b996d3d3
Make current version correct
2019-06-02 12:36:43 -07:00
Nicholas Charriere
6e6612cd49
Remove duplicate bumpversion config
2019-06-02 12:34:14 -07:00
Nicholas Charriere
f0f2c9d5d8
Merge pull request #103 from pinterest/autocomplete-off-and-required-textarea
...
Set autocomplete=off on form to avoid back history; make textarea field required
2019-06-01 11:56:02 -07:00
Nicholas Charriere
37f5d2b658
Set autocomplete=off on form to avoid back history; make textarea required
2019-06-01 09:34:58 -07:00
Jon Parise
2aa7272a59
Upgrade to Jinja2 2.10.1 ( #101 )
...
This patch release fixes a security issue (CVE-2019-10906) involving
str.format_map.
2019-04-12 13:26:46 -07:00
Lauri Lubi
1ac262e34e
Bots that prefetch should not destroy the secret ( #100 )
...
* Create preview view, remove sneaky-user-agents logic
* unit tests
* rename openSecret to viewSecret
* code clean-up and style
* rename view secret to reveal secret
* update authors list
* bump version to 1.5.0
2019-03-05 07:47:07 -08:00
Jon Parise
d4c96cf58a
Merge pull request #99 from jameswthorne/readme-fixes
...
README fixes
2019-01-16 12:47:25 -08:00
James W Thorne
3fc5d2b864
README fixes
2019-01-16 08:11:56 -06:00
Jon Parise
ecebbcb71f
Merge pull request #98 from brennentsmith/patch-1
...
Add Ookla/Speedtest.net to adopters
2018-12-21 10:27:29 -08:00
Brennen Smith
0c77baa581
Add Ookla to adopters
...
We have used snappass since it was first open sourced, and everyone in the organization loves it. Not sure about the A-Z ordering WRT to Pinterest, it feels like you should be on top since it's your project.
2018-12-21 10:21:28 -08:00
Jon Parise
52aefd6ce3
Merge pull request #97 from pinterest/prepare-1.4.1
...
Prepare the 1.4.1 release
2018-10-31 17:54:14 -05:00
Jon Parise
0bd2b4e8d9
Prepare the 1.4.1 release
...
- Update the changelog
- Include our Code of Conduct and Adopters documents
2018-10-31 15:50:49 -07:00
Jon Parise
95c9ecc7d0
Merge pull request #96 from pinterest/python-3.7
...
Build on Python 3.7 and cache pip artifacts
2018-10-31 13:18:13 -05:00
Jon Parise
166a73b0dd
Only build on the master branch
...
PR branches will still be built and tested.
2018-10-31 11:03:42 -07:00
Jon Parise
5894033692
Build on Python 3.7 and cache pip artifacts
...
This uses the well-established workaround to get Python 3.7 working on
Travis.
2018-10-31 10:53:18 -07:00
Jon Parise
7eee21f413
Merge pull request #95 from pinterest/cryptography-2.3.1
...
Upgrade to cryptography 2.3.1
2018-10-31 12:51:05 -05:00
Jon Parise
30db653f14
Upgrade to cryptography 2.3.1
...
This addresses CVE-2018-10903:
A flaw was found in python-cryptography versions between >=1.9.0 and
<2.3. The finalize_with_tag API did not enforce a minimum tag
length. If a user did not validate the input length prior to passing
it to finalize_with_tag an attacker could craft an invalid payload
with a shortened tag (e.g. 1 byte) such that they would have a 1 in
256 chance of passing the MAC check. GCM tag forgeries can cause key
leakage.
... although snappass isn't affected because we doesn't use the
vulnerable `finalize_with_tag` API.
2018-10-31 09:39:18 -07:00
Nicholas Charriere
06149b81e8
Merge pull request #94 from gstackio/fix-restructured-text-syntax
...
Fix reST syntax for fixed-with text
2018-08-12 18:09:57 -07:00
Benjamin Gandon
921492733b
Fix reST syntax for fixed-with text
2018-08-12 23:45:49 +02:00
Nicholas Charriere
2b53eed348
Merge pull request #90 from samueldg/feature/support-python37
...
Feature/support python37
2018-07-15 20:12:20 -07:00
Samuel Dion-Girardeau
867dc24f83
Temporarily disable Python 3.7 from Travis build
...
Currently Travis doesn't support Python 3.7 yet,
but this should be addressed soon:
https://github.com/travis-ci/travis-ci/issues/9815
2018-07-14 16:28:15 -04:00