
[pull] master from lektor:master #2

Open · wants to merge 918 commits into base: master

Conversation

pull[bot] commented Aug 6, 2020

See Commits and Changes for more details.


Created by pull[bot]. Want to support this open source service? Please star it : )

@pull pull bot added the ⤵️ pull label Aug 6, 2020
ghost commented Aug 14, 2020

DeepCode's analysis on #f135d7 found:

  • 1 critical issue, ⚠️ 1 warning, ℹ️ 3 minor issues. 👇
  • ✔️ 1 issue was fixed.

Top issues

  • Unsanitized input from data from a remote resource flows into a member access and is used to access a property of a field assignment by name. This may allow a malicious user to access methods (e.g. toString) as opposed to regular properties of objects and cause a crash, remote code execution or more serious problems. This is known as a Prototype Pollution vulnerability.
  • Using component props to compute the next state could lead to undesired behavior, since props updates may be batched and run asynchronously by React.
  • Reactivity is lost if state is built from props. Consider implementing componentWillReceiveProps or getDerivedStateFromProps to properly handle reactive changes in props.


👉 The DeepCode service and API will be deprecated in August, 2021. Here is the information how to migrate. Thank you for using DeepCode 🙏 ❤️ !

If you are using our plugins, you might be interested in their successors: Snyk's JetBrains plugin and Snyk's VS Code plugin.

@dairiki dairiki force-pushed the master branch 2 times, most recently from 4aaae00 to 1999510 Compare March 1, 2022 16:43
dairiki and others added 25 commits March 30, 2022 17:31
From my experience with it in recent months, esbuild is vastly superior
to webpack (and all other bundlers). We are using modern TS and React
which are supported out-of-the-box by esbuild, allowing the rather
opaque build tools webpack and babel. Only for SASS we need a plugin,
which is trivially done in a couple of lines of code.

Reduces the build time from ~12s to ~3s on my machine (even though it is
adding a minification step which we previously did not have).
Use esbuild as a build tool and build frontend with prod React build
Resolve links in Markdown text. Support mistune 2.x
[skip ci]
Add tests for the `--name`, `--project-file`, `--tree`, and
`--output-path` options to the `lektor project-info` subcommand.
The latest release of click raises `TypeError` for Options that are
declared with both `multiple` and `is_flag` set. The exception message
suggests using `count` instead, but that does not do what we want.

This commit rejiggers things to avoid the use of `multiple` on
`is_flag` options.

Reference: #1031.
…id-with-is_flag

Fix for #1031: click 8.1.3 → "TypeError: multiple not valid with is_flag"
[skip ci]
Add MarkupSafe and pytz as direct runtime deps, since they
are imported and used but not explicitly declared, and are only
satisfied transitively which cannot be relied upon.
Also, remove the [security] extra to requests as it was dropped
upstream, as modern, more secure SSL is included with Py>=3.6-3.7,
which Lektor already requires, and the [toml] extra to Setuptools_SCM,
which was removed in 6.2.0.
Finally, remove wheel as a direct build-requires following current
normative guidance, as it will be pulled in as needed by Setuptools.
Add missing implicit requires, remove dropped extras & unneeded wheel build dep
Parametrizes the app fixture to supply apps with and without extra-flags. Not the smallest possible testcase but it does the trick for now
dairiki and others added 30 commits November 7, 2023 12:38
* refactor(imagetools): refactor get_image_info to use Pillow

Use Pillow to determine image format and dimensions rather than our
own home-rolled code.

* fix: support Pillow<7

* refactor(imagetools): use Pillow to access EXIF tags

* fix: compatibility with older versions of Pillow

* tests(imagetools): type annotations

* fix: do not transpose PNGs based on Exif Orientation

* refactor(imagetools): deprecate passing file object to get_image_info

* refactor(Video): use cached_property

* fix(imagetools): always convert image to RGB before scaling

* refactor(imagetools)!: remove deprecated methods of ThumbnailMode

Remove deprecated property `ThumbnailMode.label` and classmethod
`ThumbnailMode.from_label`.

* refactor: split imagetools from module to package

* fix(b/c): re-export `compute_dimensions` and `get_quality`

The following plugins appear to use internal bits of
`lektor.imagetools`:

- https://github.com/numericube/lektor-minification/
- https://github.com/chaos-bodensee/lektor-image-resize/
- https://github.com/skorokithakis/lektor-thumbnail-generator/

From a perusal of their code, it appears that they'll all be
broken by recent Lektor code changes having to do with moving
from ImageMagick to Pillow.

This doesn't completely address the issues for those plugins,
but, for the sake of backward-compatibility, here we:

- re-export `lektor.imagetools.compute_dimensions` (which was moved to
  `lektor.imagetools.thumbnail`).

- re-implement and deprecate `lektor.imagetools.get_quality`

* docs(imagetools): update comments

* tests(imagetools): use real Context in tests

Instead of a Mock, use a real lektor.context.Context in the image
tests.

* test(imagetools): add thumbnail dependency race-condition test

* fix(test): fix test for pillow 10.0.0

I'm not sure why this test ever worked.  Different versions of convert
from color strings to HSV values differently.

* refactor(imagetools): clean up get_svg_info

- rename to `_get_svg_info` to emphasize it is internal
- raise exception rather than returning "unknown" if SVG is unparseable
- rewind file after _get_svg_info call

* fix(bitrot): use PIL.Image.Transpose int enum

Pillow >= 9.1 moves many of the constants that were in the top-level
of the PIL.Image module into IntEnums within the module.  But then it
re-exports the enum members to the module programmatically.
Something has changed recently (I'm not sure whether on the Pillow
side or the pylint side) to make pylint throw `no-member` warnings
when these are accessed as module-level attributes.

For the sake of moving forward, here we use the enums, polyfilling
them if running with an older version of Pillow.

* chore: remove python<3.8 compatibility code
* feat: tool drawer for edit and live-reload buttons

This replaces the *edit pencil* on HTML artifacts served by the admin
server with "tool drawer".

The tool drawer contains an edit button (which takes the place of the
edit pencil), as well as a toggle button that can be used to disable
live-reload (see #1027) for the window.

If the tool drawer is obscuring part of the HTML page that one would
like to look at or click on, the drawer may be dragged vertically
to reposition it.  It may also be (mostly) hidden off screen to
minimize its visual impact.

* feat(admin gui): use link for "Return to Website" button

Using a real link (`<a href="...">`) instead of a button with onclick
handler allows the user to, e.g., open a new window with a
live-preview by middle or right clicking on the button.

Anyway, since the "button" leads to a new URL outside of the admin
app, it's the right thing to do.  E.g. see
https://css-tricks.com/buttons-vs-links/.

* perf: do not use React's StrictMode in production

Strict mode causes everything to be rendered twice. (I noticed this
because GlobalActions was firing off two requests for /previewinfo for
every page change.) This is not particularly efficient, and is
probably not appropriate for the production build.

* revert: remove --no-reload cli option

The `--no-reload` option was added in PR #1027 (c38596a).  It disables
the live-reload feature globally.  Since this PR adds the ability to
disable live-reload on a per-window basis, the global option no longer
seems necessary.
We were using re.sub() to inject the tooldrawer HTML.  Re.sub treats
backslashes in the replacement string specially.  When the injected
HTML includes a backslash (e.g. in JSON string data), this was
resulting in a "bad escape \u" exception.
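The re.sub replacement-string pitfall described in the commit above, shown as an added example (this is not Lektor's code): the buggy call with a plain replacement string beside the fix that passes a callable, whose return value is inserted verbatim. The page HTML and injected snippet are constructed samples.

```python
import re
from typing import Optional

# Constructed sample page and injected snippet (not Lektor's real tooldrawer markup).
PAGE_HTML = "<html><body><h1>Hello</h1></body></html>"
# The snippet carries JSON that contains a backslash escape ("\u"),
# the situation the commit describes.
TOOLDRAWER_HTML = '<script>window.cfg = {"title": "caf\\u00e9"};</script>'


def inject_buggy(page: str, snippet: str) -> str:
    """Inject the snippet via re.sub with a plain replacement string.

    re.sub parses backslash escapes in a string replacement, so the
    literal "\\u" inside the snippet raises re.error("bad escape \\u ...").
    """
    return re.sub(r"</body>", snippet + "</body>", page, count=1)


def inject_fixed(page: str, snippet: str) -> str:
    """Inject the snippet via a callable replacement.

    When the replacement is a function, its return value is inserted
    as-is: no escape processing, so backslashes in the snippet survive.
    """
    return re.sub(r"</body>", lambda m: snippet + m.group(0), page, count=1)


def buggy_error_message(page: str, snippet: str) -> Optional[str]:
    """Return the re.error message the buggy injection raises, or None if it succeeds."""
    try:
        inject_buggy(page, snippet)
    except re.error as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("buggy:", buggy_error_message(PAGE_HTML, TOOLDRAWER_HTML))
    print("fixed:", inject_fixed(PAGE_HTML, TOOLDRAWER_HTML))
```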
* test: check that make_editor_session rejects funky paths

* fix: validate path in make_editor_session

* test: check that untrusted_to_os_path prevents traversal to parent

* fix[untrusted_to_os_path]: prevent traversal to parent directories
* test: new record creation confined to `content` tree

* fix: enforce canonical db path
The add-child endpoint must be quoted, otherwise parsing fails and the endpoint will not be accessible.
For werkzeug < 3.0.2, parsing fails silently, for later versions, it fails with an exception.
Binary wheels for old versions of Pillow seem not to be available for
macos on arm64?
dash blueprint: quote add-child endpoint
Includes fixes for vulnerabilities reported by npm audit (and
dependabot).
We were implicitly doing so anyway already, getting errors like this due
to recently improved types:

DateInputWidget.tsx(17,24): error TS1503: Named capturing groups are
only available when targeting 'ES2018' or later.
Heuristically, at least as of git 2.46.0, `git diff` seems to treat
renamed but otherwise unmodified files as unchanged. (Previously,
e.g. git 2.34.0, `git diff` treated renamed files as changed.)

Here we fix this by explicitly disabling renamed file tracking.
* chore(ci): update to latest versions of actions

* fix(ci): specify python version to use for building dist
The version we were pinned at does not run under python 3.12.
TODO: Revert this commit as soon as compatibility with the latest
version of Pillow is restored.

Ref #1200
* Revert "🧪🚑 Pin Pillow below v11 (#1201)"

* fix: strip XMP metadata from thumbnails
* chore: update pre-commit hook versions

Updated to latest versions, except for black which we pin <24 since
black>=24 is incompatible with reorder-python-imports.

Ref: psf/black#4175

* style: fixes from the latest pyupgrade

* style: fix issue surfaced by latest version of flake8-bugbear

* feat!: drop support for python 3.8

* chore: delete work-around for old versions of venv.EnvBuilder

* chore: run pyupgrade --py39-plus

* style(typing): fix to keep mypy happy

* feat: test under python 3.13

* style: fix python 3.13 nits surfaced by pylint

* fix: fix edge case in timezone parsing
This patch renames the main GHA workflow definition file to mention
the CD bit (since it includes publishing to PyPI). It also changes its
name so that it does not take up a lot of space in the UI and is not
misleading in the same way. The job names remain the same, meaning
that well-known checks/statuses still appear in the PR UI.
* frontend: npm update

* frontend: upgrade @types/node, jsdom

* frontend: fix lint error in build script

* frontend: npm update

* frontend: upgrade react-router

Looking at https://reactrouter.com/upgrading/v6, this introduces no
breaking changes for us.

* frontend: ignore sass warnings from Bootstrap

* frontend: upgrade esbuild

* frontend: upgrade eslint and address lint warnings
* test: update to pylint==3.3.1

Pylint < 3.3 does not support running under python 3.13

* fix!: fixes to pass new pylint too-many-positional-arguments check

This involves marking a number of arguments on functions taking many
arguments as keyword-only.

Most of these are internal-use only. The chance of this breaking
user code is slim.

* tests: update to pylint 3.3.2
* tests: add test for access mode of created artifacts

* fix: fix created file modes (respecting umask)

* fix(tests): umask unsupported on Windows

* docs: update docstrings
9 participants