profile
viewpoint

goodwillcoding/configme 5

ConfigMe is a small, fast, down-to-earth, open source Python config generation framework and command line utility. It makes generation or real-world configuration files and deployment more fun, more predictable, and more productive.

goodwillcoding/artly 2

Welcome to Artly - Automated Repository Tool

goodwillcoding/acme-code 0

Gnome Shell Extensions etc...

goodwillcoding/anoise-indicator 0

Anoise AppIndicator

goodwillcoding/cartman 0

Command line Trac tools

goodwillcoding/deform 0

A Python HTML form library.

pull request commentPylons/trypyramid.com

Add pyramid-tasks to addons page.

Thank you!

luhn

comment created time in 12 days

push eventPylons/trypyramid.com

Theron Luhn

commit sha a3b47fdf8c097f40e9c2f2e2efc9d226fc401b87

Add pyramid-tasks to addons page.

view details

Steve Piercy

commit sha 98f6015abb3965d1cb1cca974c26248d8c74d85c

Merge pull request #296 from luhn/pyramid-tasks Add pyramid-tasks to addons page.

view details

push time in 12 days

PR opened Pylons/trypyramid.com

Add pyramid-tasks to addons page.
+13 -0

0 comment

1 changed file

pr created time in 12 days

delete branch socalpython/SoCalPython.org

delete branch : master

delete time in 22 days

create barnchsocalpython/SoCalPython.org

branch : main

created branch time in 22 days

delete branch socalpython/SoCalPython.org

delete branch : dependabot/pip/cryptography-3.2

delete time in 22 days

push eventsocalpython/SoCalPython.org

dependabot[bot]

commit sha 75dc14f770ee2988316aafd2107c585fa729b4cd

Bump cryptography from 2.6.1 to 3.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2) Signed-off-by: dependabot[bot] <support@github.com>

view details

Nik Kantar

commit sha ed139c0b5901a18e29d73be632fb56d5211db814

Merge pull request #10 from socalpython/dependabot/pip/cryptography-3.2 Bump cryptography from 2.6.1 to 3.2

view details

push time in 22 days

PR merged socalpython/SoCalPython.org

Bump cryptography from 2.6.1 to 3.2 dependencies

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps cryptography from 2.6.1 to 3.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>3.2 - 2020-10-25</p> <pre><code>

  • SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659
  • Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade.
  • Added basic support for PKCS7 signing (including SMIME) via :class:~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder. <p>.. _v3-1-1:</p> <p>3.1.1 - 2020-09-22 </code></pre></p> <ul> <li>Updated Windows, macOS, and <code>manylinux</code> wheels to be compiled with OpenSSL 1.1.1h.</li> </ul> <p>.. _v3-1:</p> <p>3.1 - 2020-08-26</p> <pre><code>
  • BACKWARDS INCOMPATIBLE: Removed support for idna based :term:U-label parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.
  • Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the OpenSSL project. The next version of cryptography will drop support for it.
  • Deprecated support for Python 3.5. This version sees very little use and will be removed in the next release.
  • backend arguments to functions are no longer required and the default backend will automatically be selected if no backend is provided.
  • Added initial support for parsing certificates from PKCS7 files with :func:~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates and :func:~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates .
  • Calling update or update_into on :class:~cryptography.hazmat.primitives.ciphers.CipherContext with data longer than 2\ :sup:31 bytes no longer raises an OverflowError. This also resolves the same issue in :doc:/fernet. <p>.. _v3-0:</p> <p>3.0 - 2020-07-20 </tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/c9e65222c91df8b6f61650a3460e30232962c1e0"><code>c9e6522</code></a> 3.2 release (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5508">#5508</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494"><code>58494b4</code></a> Attempt to mitigate Bleichenbacher attacks on RSA decryption (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5507">#5507</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/cf9bd6a36bc7b05abca114b76e216598d9ad9b16"><code>cf9bd6a</code></a> move blinding to <strong>init</strong> on both RSA public and private (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5506">#5506</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/bf4b962f4b92a1633835b2d17974f18de2d61620"><code>bf4b962</code></a> be more verbose in the 102 deprecation notice (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5505">#5505</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/ada53e7ca0f04a33711c330a130d34376e5ecc2b"><code>ada53e7</code></a> make the regexes for branches more strict (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5504">#5504</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/8be1d4b1113eabea306dd60ab64e7f00815d6a52"><code>8be1d4b</code></a> Stop using <a href="https://github.com/master">@master</a> for GH actions (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5503">#5503</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/08a97cca715ca0842d6792d0079e351efbb48ec9"><code>08a97cc</code></a> Bump actions/upload-artifact from v1 to v2.2.0 (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5502">#5502</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/52a0e44e97dd6e150509b14c9b1f76a261f12786"><code>52a0e44</code></a> Add a dependabot configuration to bump our github actions (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5501">#5501</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/611c4a340f6c53a7e28a9695a3248bd4e9f8558d"><code>611c4a3</code></a> PKCS7SignatureBuilder now supports new option NoCerts when signing (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5500">#5500</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/836a92a28fbe9df8c37121e340b91ed9cd519ddd"><code>836a92a</code></a> chunking didn't actually work (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5499">#5499</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/2.6.1...3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+109 -88

1 comment

1 changed file

dependabot[bot]

pr closed time in 22 days

push eventsocalpython/SoCalPython.org

dependabot[bot]

commit sha fd90deb30e57e9d043e9984f17f34e9f57f2621f

Bump werkzeug from 0.15.2 to 0.15.3 Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.2 to 0.15.3. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/0.15.2...0.15.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

Nik Kantar

commit sha 47b1c793152c8ea9940185aa883f69ca43cf4479

Merge pull request #9 from socalpython/dependabot/pip/werkzeug-0.15.3 Bump werkzeug from 0.15.2 to 0.15.3

view details

dependabot[bot]

commit sha 75dc14f770ee2988316aafd2107c585fa729b4cd

Bump cryptography from 2.6.1 to 3.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 22 days

pull request commentsocalpython/SoCalPython.org

Bump cryptography from 2.6.1 to 3.2

@dependabot rebase

dependabot[bot]

comment created time in 22 days

delete branch socalpython/SoCalPython.org

delete branch : dependabot/pip/werkzeug-0.15.3

delete time in 22 days

push eventsocalpython/SoCalPython.org

dependabot[bot]

commit sha fd90deb30e57e9d043e9984f17f34e9f57f2621f

Bump werkzeug from 0.15.2 to 0.15.3 Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.2 to 0.15.3. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/0.15.2...0.15.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

Nik Kantar

commit sha 47b1c793152c8ea9940185aa883f69ca43cf4479

Merge pull request #9 from socalpython/dependabot/pip/werkzeug-0.15.3 Bump werkzeug from 0.15.2 to 0.15.3

view details

push time in 22 days

PR merged socalpython/SoCalPython.org

Bump werkzeug from 0.15.2 to 0.15.3 dependencies

Bumps werkzeug from 0.15.2 to 0.15.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/releases">werkzeug's releases</a>.</em></p> <blockquote> <h2>0.15.3</h2> <ul> <li>Blog: <a href="https://palletsprojects.com/blog/werkzeug-0-15-3-released/">https://palletsprojects.com/blog/werkzeug-0-15-3-released/</a></li> <li>Changes: <a href="https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-3">https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-3</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/blob/master/CHANGES.rst">werkzeug's changelog</a>.</em></p> <blockquote> <h2>Version 0.15.3</h2> <p>Released 2019-05-14</p> <ul> <li>Properly handle multi-line header folding in development server in Python 2.7. (:issue:<code>1080</code>)</li> <li>Restore the <code>response</code> argument to :exc:<code>~exceptions.Unauthorized</code>. (:pr:<code>1527</code>)</li> <li>:exc:<code>~exceptions.Unauthorized</code> doesn't add the <code>WWW-Authenticate</code> header if <code>www_authenticate</code> is not given. (:issue:<code>1516</code>)</li> <li>The default URL converter correctly encodes bytes to string rather than representing them with <code>b''</code>. (:issue:<code>1502</code>)</li> <li>Fix the filename format string in :class:<code>~middleware.profiler.ProfilerMiddleware</code> to correctly handle float values. (:issue:<code>1511</code>)</li> <li>Update :class:<code>~middleware.lint.LintMiddleware</code> to work on Python 3. (:issue:<code>1510</code>)</li> <li>The debugger detects cycles in chained exceptions and does not time out in that case. (:issue:<code>1536</code>)</li> <li>When running the development server in Docker, the debugger security pin is now unique per container.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/werkzeug/commit/9b1123a779e95b5c38ca911ce1329e87a3348a92"><code>9b1123a</code></a> release version 0.15.3</li> <li><a href="https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246"><code>00bc43b</code></a> unique debugger pin in Docker containers</li> <li><a href="https://github.com/pallets/werkzeug/commit/2cbdf2b02273daccf85845b1e1569096e65ffe58"><code>2cbdf2b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/werkzeug/issues/1542">#1542</a> from asottile/exceptions_arent_always_hashable</li> <li><a href="https://github.com/pallets/werkzeug/commit/0e669f6be532801267d35de23c5f5237b8406d8a"><code>0e669f6</code></a> Fix unhashable exception types</li> <li><a href="https://github.com/pallets/werkzeug/commit/bdc17e4cd10bbb17449006cef385ec953a11fc36"><code>bdc17e4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/werkzeug/issues/1540">#1540</a> from pallets/break-tb-cycle</li> <li><a href="https://github.com/pallets/werkzeug/commit/44e38c2985bcd3a7c17467bead901b8f36528f5f"><code>44e38c2</code></a> break cycle in chained exceptions</li> <li><a href="https://github.com/pallets/werkzeug/commit/777500b64647ea47b21e52e5e113ba1d86014c05"><code>777500b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/werkzeug/issues/1518">#1518</a> from NiklasMM/fix/1510_lint-middleware-python3-compa...</li> <li><a href="https://github.com/pallets/werkzeug/commit/e00c7c2cedcbcad3772e4522813c78bc9a860fbe"><code>e00c7c2</code></a> Make LintMiddleware Python 3 compatible and add tests</li> <li><a href="https://github.com/pallets/werkzeug/commit/d590cc7cf2fcb34ebc0783eb3c2913e8ce016ed8"><code>d590cc7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/werkzeug/issues/1539">#1539</a> from pallets/profiler-format</li> <li><a href="https://github.com/pallets/werkzeug/commit/0388fc95e696513bbefbde293f3f76cc482df8fa"><code>0388fc9</code></a> update filename_format for ProfilerMiddleware.</li> <li>Additional commits viewable in <a href="https://github.com/pallets/werkzeug/compare/0.15.2...0.15.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+97 -120

0 comment

1 changed file

dependabot[bot]

pr closed time in 22 days

issue commentPylons/pyramid_openapi3

when mounting the entire pyramid application at a subpath it's difficult to coordinate that with the api explorer

Does anything on https://swagger.io/docs/specification/api-host-and-base-path/ help? I'm eager to support your use case as long as we play by the OpenAPI specification rules.

mmerickel

comment created time in a month

issue commentPylons/pyramid_openapi3

when mounting the entire pyramid application at a subpath it's difficult to coordinate that with the api explorer

Well other than these issues I've opened, my entire codebase is agnostic to the location in which it's deployed and as I stated here the api explorer/yaml are unusable by apps in its current form and in #104 it's unable to validate the api endpoints relative to the app.

mmerickel

comment created time in a month

issue commentPylons/pyramid_openapi3

when mounting the entire pyramid application at a subpath it's difficult to coordinate that with the api explorer

Fixing this issue would make the document and explorer usable - right now I have to hardcode into my openapi.yaml document that the server url is actually url: /prefix/api.

I think this is the correct approach? Looking from the API consumer/user perspective, I don't care what the backend configuration is, I expect the API to be at the exact URL given in the openapi.yaml file.

Or am I misunderstanding what you are trying to say?

mmerickel

comment created time in a month

issue openedPylons/pyramid_openapi3

when mounting the entire pyramid application at a subpath it's difficult to coordinate that with the api explorer

The api explorer is great but it is not dealing with server urls well.

Let's say I have a document like

openapi: '3.0.3'
info:
servers:
  - url: /api
paths:
  /init-app:
    get:
      description: >
        Get some initial data for bootstrapping the static site.
      responses:
        '200':
          description: >
            Initial data for the static site.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InitApp'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'

This document is effectively indicating that /api/init-app is an endpoint. Now if I mount my Pyramid application at /prefix (wsgi script_name) then I expect the api explorer and yaml file to be updated to reflect this situation.... for example the server url would be /prefix/api and the endpoint is /prefix/api/init-app.

Fixing this issue would make the document and explorer usable - right now I have to hardcode into my openapi.yaml document that the server url is actually url: /prefix/api.

created time in a month

issue openedPylons/pyramid_openapi3

endpoint validation completely fails if the app is mounted at a subpath

I have an openapi.yaml defined with endpoints like /foo, /bar, etc. I then invoke

    config.pyramid_openapi3_spec(spec_path, route='/api/openapi.yaml')
    config.pyramid_openapi3_add_explorer('/api/')

and I mount my routes at /api/foo, /api/bar, etc. There doesn't seem to be a way to coordinate these such that everyone is happy because pyramid_openapi3 is expecting the api document paths to be relative to the root of the application and there's no way to tell pyramid_openapi3 that I'm actually mounting the routes/spec at a subpath inside the application.

created time in a month

push eventPylons/trypyramid.com

dependabot[bot]

commit sha 39ec8507977b02ed8b2487bd960d00a076a01188

Bump ini from 1.3.5 to 1.3.8 Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8) Signed-off-by: dependabot[bot] <support@github.com>

view details

Steve Piercy

commit sha 3f87a5b9ab05495947f00628fc022c5c1115b799

Merge pull request #295 from Pylons/dependabot/npm_and_yarn/ini-1.3.8 Bump ini from 1.3.5 to 1.3.8

view details

push time in a month

delete branch Pylons/trypyramid.com

delete branch : dependabot/npm_and_yarn/ini-1.3.8

delete time in a month

PR merged Pylons/trypyramid.com

Bump ini from 1.3.5 to 1.3.8 dependencies

Bumps ini from 1.3.5 to 1.3.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/ini/commit/a2c5da86604bc2238fe393c5ff083bf23a9910eb"><code>a2c5da8</code></a> 1.3.8</li> <li><a href="https://github.com/npm/ini/commit/af5c6bb5dca6f0248c153aa87e25bddfc515ff6e"><code>af5c6bb</code></a> Do not use Object.create(null)</li> <li><a href="https://github.com/npm/ini/commit/8b648a1ac49e1b3b7686ea957e0b95e544bc6ec1"><code>8b648a1</code></a> don't test where our devdeps don't even work</li> <li><a href="https://github.com/npm/ini/commit/c74c8af35f32b801a7e82a8309eab792a95932f6"><code>c74c8af</code></a> 1.3.7</li> <li><a href="https://github.com/npm/ini/commit/024b8b55ac1c980c6225607b007714c54eb501ba"><code>024b8b5</code></a> update deps, add linting</li> <li><a href="https://github.com/npm/ini/commit/032fbaf5f0b98fce70c8cc380e0d05177a9c9073"><code>032fbaf</code></a> Use Object.create(null) to avoid default object property hazards</li> <li><a href="https://github.com/npm/ini/commit/2da90391ef70db41d10f013e3a87f9a8c5d01a72"><code>2da9039</code></a> 1.3.6</li> <li><a href="https://github.com/npm/ini/commit/cfea636f534b5ca7550d2c28b7d1a95d936d56c6"><code>cfea636</code></a> better git push script, before publish instead of after</li> <li><a href="https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1"><code>56d2805</code></a> do not allow invalid hazardous string as section name</li> <li>See full diff in <a href="https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for ini since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

push eventPylons/pyramid_openapi3

Nejc Zupan

commit sha e55ea8fd9ff8a7311059ef848bc4b8237866e0b8

Making sure all endpoints define at least the minimum common responses A common pitfall when using this package is the following: you define an endpoint that can result in 400 Bad Request, but you forget to list 400 in the `responses` section of your endpoint in openapi.yaml. This package then instead returns 500 Internal Server error, because it keeps the promise that only defined responses will be allowed (unless you set `enable_request_validation` to `False`, that is). With this commit, all endpoints, by default need to have 200, 400 and 500 on the list of `responses` in openapi.yaml, otherwise the app won't start. Additionally, all endpoints that accept a parameter, also need to have 404 on the list of `responses`. You can skip this check by setting `enable_endpoint_validation` to `False`. Refs https://github.com/Pylons/pyramid_openapi3/issues/22 Refs https://github.com/Pylons/pyramid_openapi3/issues/49#issuecomment-628699131 Refs https://github.com/Pylons/pyramid_openapi3/pull/36

view details

push time in a month

issue commentPylons/pyramid_openapi3

Enforce common responses

I've drafted how I want the "API" for this functionality to look & feel: https://github.com/Pylons/pyramid_openapi3/pull/103

Instead of requiring the openapi_responses.yaml file, I opted for sane defaults that can be overridden. In the case of the openapi_responses.yaml provided above, the configuration would look like this:

    config.endpoint_validation_overrides = 
    {
        "/user/logout": {"post": [202, 400, 500]},
        "/stores/{storeId}/backups/{backupId}/download:": {"post": [202, 400, 500]},
    }

It's not ideal to not be able to support endpoint_validation_overrides via .ini files. Anyone has a better idea?

zupo

comment created time in a month

PR opened Pylons/pyramid_openapi3

Making sure all endpoints define at least the minimum common responses

A common pitfall when using this package is the following: you define an endpoint that can result in 400 Bad Request, but you forget to list 400 in the responses section of your endpoint in openapi.yaml. This package then instead returns 500 Internal Server error, because it keeps the promise that only defined responses will be allowed (unless you set enable_request_validation to False, that is).

With this PR, all endpoints, by default need to have 200, 400 and 500 on the list of responses in openapi.yaml, otherwise the app won't start. Additionally, all endpoints that accept a parameter, also need to have 404 on the list of responses.

You can skip this check by setting enable_endpoint_validation to False.

Refs https://github.com/Pylons/pyramid_openapi3/issues/22 Refs https://github.com/Pylons/pyramid_openapi3/issues/49#issuecomment-628699131 Refs https://github.com/Pylons/pyramid_openapi3/pull/36

+33 -7

0 comment

3 changed files

pr created time in a month

create barnchPylons/pyramid_openapi3

branch : add/validate_common_responses

created branch time in a month

push eventPylons/pyramid_openapi3

Nejc Zupan

commit sha 60e803a04c77751f5fee5f0e2c86acfcc4cced5e

Update development environment to latest versions (#102) * Python 3.8 * dev dependencies * new-style pre-commit configuration

view details

push time in a month

PR merged Pylons/pyramid_openapi3

Update development environment to latest versions
  • Python 3.8
  • dev dependencies
  • new-style pre-commit configuration
+469 -409

0 comment

5 changed files

zupo

pr closed time in a month

PullRequestEvent

push eventPylons/pyramid_openapi3

Nejc Zupan

commit sha 091e29ab09136d35de30ade0d954f0c37ca7f3f2

Update development environment to latest versions * Python 3.8 * dev dependencies * new-style pre-commit configuration

view details

push time in a month

more