Commit graph

238 commits

Author SHA1 Message Date
gavin
3277c16554
Merge pull request #15919 from gavindsouza/bump-requirements-sec
chore: Bump pip requirements
2022-02-09 13:44:31 +05:30
Gavin D'souza
adc69cb3ec build: Upgrade Pillow dependency
This upgrade handles multiple high severity vulnerabilities. I've not
checked the affected code in great depth but the APIs we use may be
affected. If they could actually be exploited is another matter which
would take a whole lotta effort which I'd rather not test xD

Fixes: CWE-74, CWE-125, CWE-120, CWE-125, CWE-400
CVE IDs: CVE-2022-22817, CVE-2022-22816, CVE-2021-34552, CVE-2021-23437
2022-02-09 12:28:04 +05:30
Gavin D'souza
5798cfaf4c build: Update iPython dependency
Updating dependency due to arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another.

ref: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
Weaknesses: CWE-250, CWE-269, CWE-279
CVE ID: CVE-2022-21699
2022-02-09 12:19:26 +05:30
Sagar Vora
e5857fa56a fix: improve setup wizard exception email 2022-02-08 20:02:49 +05:30
Sagar Vora
951ad3f844 chore(deps): bump werkzeug to latest version 2022-02-08 20:02:49 +05:30
Gavin D'souza
de2bcb08b4 fix!: Drop six PY2 compatibility package 2022-01-27 18:28:04 +05:30
ChillarAnand
4ceb179699 chore: Clean up requirements 2021-11-11 20:56:47 +05:30
mergify[bot]
868d545ba5
Merge branch 'develop' into print-format-builder-beta 2021-10-22 04:38:08 +00:00
Faris Ansari
5345d4ce7b Merge branch 'develop' of https://github.com/frappe/frappe into print-format-builder-beta 2021-10-20 18:40:18 +05:30
Ankush Menat
121533cf13
refactor: remove chalk dependency 2021-10-20 12:46:05 +05:30
Ankush Menat
a0262fd779
refactor!: remove unittest-xml-reporting dependency 2021-10-20 12:43:15 +05:30
Ankush Menat
49b157e7e5
refactor!: remove ngrok from requirements.txt 2021-10-20 12:43:15 +05:30
Ankush Menat
a6c752458b
refactor!: remove faker from requirements.txt 2021-10-20 12:43:12 +05:30
Ankush Menat
8904a1c7ad
fix: remove pycups from requirements 2021-10-04 10:40:15 +05:30
rohitwaghchaure
34c0920747
Merge pull request #14329 from KrithiRamani/new-arg-filename
feat: pass filename as argument to print_by_server
2021-10-01 09:49:15 +05:30
KrithiRamani
0e16fc03ad
Update requirements.txt
Added version no for pycups

Co-authored-by: Ankush Menat <ankushmenat@gmail.com>
2021-10-01 09:44:17 +05:30
Krithi Ramani
78a89fdb99 renamed argument to file_path. Added pycups to requirements.txt 2021-09-30 22:20:42 +05:30
Gavin D'souza
39d63641f3 chore: Bump psycopg2-binary Python client 2021-09-30 13:35:39 +05:30
Ankush Menat
8d46b365d9
chore(deps): bump ipython to latest version 2021-09-13 21:41:55 +05:30
Faris Ansari
b8b8d1305f fix: add cairocffi as requirement 2021-09-06 16:57:55 +05:30
Faris Ansari
0928c4c172 feat: Use weasyprint to generate PDF
- /printpreview route to preview HTML template
2021-09-06 16:57:37 +05:30
Gavin D'souza
783165c01e fix: Retry get_redis_conn until "sure"
If ConnectionError or BusyLoadingError occurs, try every second for
up to 10 times.

Why: `bench start` exits just as I run it at times. This happens when
the worker's processes each try to fetch a redis conn but redis isn't up
yet. The 3 worker processes exit with 1 and our procman gives up too.
2021-08-30 12:00:31 +05:30
saxenabhishek
eb9d2bcd64 feat: Query builder 2021-07-30 11:00:34 +05:30
Gavin D'souza
165ff8e1bf chore: Update PyJWT dependency
* Update pinned dep from 1.7.1 to 2.0.1
* Updated usages as per changelog

ref: https://python.libhunt.com/pyjwt-changelog
2021-05-29 17:22:30 +05:30
Gavin D'souza
9b4c191928 chore: Update Jinja2 dependency
Update from 2.11.3 to 3.0.1

Ref: https://jinja.palletsprojects.com/en/3.0.x/changes/
2021-05-28 23:10:59 +05:30
Gavin D'souza
295d44cee5 chore: Drop future from requirements.txt 2021-05-26 19:31:17 +05:30
Gavin D'souza
3adb84eb8d chore: Drop watchdog dependency
Watchdog isn't used by Frappe, and there wasn't any mechanism to access
it directly either. By default, bench serve (or start) uses
Werkzeug's watchdogreloader
2021-05-26 17:04:28 +05:30
Gavin D'souza
d236a93169 chore: Replacing and updating bleach source list
* The library bleach-whitelist was deprecated and renamed to
bleach-allowlist.
* Updated the usages and requirements for the same.
2021-05-26 15:45:34 +05:30
Suraj Shetty
00b6a6729d ci: Use right parallel test runner command
- Also, fix coverage & coveralls setup
2021-05-07 21:59:58 +05:30
Suraj Shetty
e33a09f4e6 refactor: Test runner
- fix style
- Handle global dependency
2021-05-05 13:15:25 +05:30
Mohammad Hasnain Mohsin Rajan
9070cdc73d
ci: fix coveralls (#12971)
* fix: add service

* Update ci-tests.yml

* Update ci-tests.yml

* fix: coverage version

* fix: coveralls

* Update requirements.txt

* fix: add service name env var

* ci: Set COVERALLS_SERVICE_NAME as github

* ci: add tokens

* Update ci-tests.yml

* ci: no rcfile

* fix: pin versions

Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
2021-04-26 20:28:15 +05:30
Rohan Bansal
f617bfeba6 fix: update dependencies 2021-04-19 12:51:48 +05:30
Rohan Bansal
86851028ea feat: manage Python 3 compatibility with dependencies 2021-04-14 14:40:58 +05:30
Suraj Shetty
358a9fabea
fix: max_old_space_size limit for node processes (#12494)
Co-authored-by: Gavin D'souza <gavin18d@gmail.com>
2021-03-01 16:43:18 +05:30
Ankush Menat
00afecba6e
fix: console crash due to upstream issue in ipython
Temporary solution is to pin jedi to one version lower.

Reference: https://github.com/ipython/ipython/issues/12740#issuecomment-751273584
2021-02-26 12:04:55 +05:30
Rushabh Mehta
ba053c190e
chore(Snyk): Security upgrade cryptography from 3.2 to 3.3.2 (#12350)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
2021-02-09 19:12:41 +05:30
Rushabh Mehta
f95d34918d
chore(Snyk): Security upgrade markdown2 from 2.3.9 to 2.4.0 (#12331)
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-MARKDOWN2-1063233

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2021-02-05 08:47:58 +05:30
dependabot-preview[bot]
fdfdc6fa7f
chore(deps): [security] bump bleach from 3.1.4 to 3.3.0 (#12309)
Bumps [bleach](https://github.com/mozilla/bleach) from 3.1.4 to 3.3.0. **This update includes a security fix.**
- [Release notes](https://github.com/mozilla/bleach/releases)
- [Changelog](https://github.com/mozilla/bleach/blob/master/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v3.1.4...v3.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-02-03 22:10:42 +05:30
Rushabh Mehta
5b7e7ec39c
chore(Snyk): Security upgrade jinja2 from 2.11.1 to 2.11.3 (#12297)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
2021-02-02 09:46:27 +05:30
snyk-bot
19c6e0218d
fix: requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
2021-01-20 22:57:25 +00:00
Rushabh Mehta
fa80d26f4c fix(minor): update requirements.txt 2020-12-02 09:46:48 +05:30
Rohan Bansal
9a84a7eb45 feat: use giturlparse to parse Git URLs 2020-11-27 17:30:43 +05:30
Mangesh-Khairnar
ea0af8d2e2 chore: remove twilio from requirements 2020-11-02 13:25:22 +05:30
dependabot[bot]
22a7b3d039
chore(deps): bump cryptography from 2.8 to 3.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.8 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.8...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-10-27 20:51:28 +00:00
Snyk bot
f004b0592d
chore: Security upgrade rsa from 4.0 to 4.1 (#11671)
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-RSA-570831
2020-10-09 10:26:33 +05:30
Snyk bot
b720726207
chore: Update passlib to fix security issue (#11664)
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PASSLIB-569603

Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
2020-10-08 09:59:20 +05:30
snyk-bot
cb23996c8e
fix: requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645
2020-10-01 22:55:15 +00:00
gavin
f710ad095f
Merge pull request #11436 from gavindsouza/build-assets
feat: Ship built assets
2020-09-15 13:01:38 +05:30
Gavin D'souza
1fa5ca0ef7 fix: Use tarfile lib instead of tar UNIX tool
style: Fix UX to show more outputs
2020-09-08 15:29:09 +05:30
Shivam Mishra
59a74c0634
fix: minor typo in requirements.txt 2020-09-07 10:08:27 +05:30