From 9a25d989cd65c4991c2c8ac46ef55e0e8dfe49ab Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 12 Apr 2024 15:15:20 -0700 Subject: [PATCH] update project files * update pre-commit hooks * upgrade pip with venv * update description and version * show url in publish environment * update actions versions, separate typing job * use dependabot grouped updates ignore upload/download-artifact until slsa updates * use sphinx.ext.extlinks instead of sphinx-issues * update dev dependencies * update .editorconfig * update .gitignore * update .readthedocs.yaml * license is txt, readme is md * remove install and links sections * update pyproject.toml add typed classifier add pyright config simplify urls * tox builds docs in place * add tox env to update all dev dependencies * update issue and pr templates * simplify matrix --- .devcontainer/devcontainer.json | 17 ++ .devcontainer/on-create-command.sh | 7 + .editorconfig | 2 +- .flake8 | 25 --- .github/ISSUE_TEMPLATE/bug-report.md | 5 +- .github/ISSUE_TEMPLATE/config.yml | 13 +- .github/ISSUE_TEMPLATE/feature-request.md | 4 +- .github/dependabot.yml | 29 +++- .github/pull_request_template.md | 25 ++- .github/workflows/lock.yaml | 16 +- .github/workflows/publish.yaml | 41 ++--- .github/workflows/tests.yaml | 52 +++--- .gitignore | 24 +-- .pre-commit-config.yaml | 33 +--- .readthedocs.yaml | 4 +- LICENSE.rst => LICENSE.txt | 0 README.md | 40 +++++ README.rst | 66 ------- docs/conf.py | 23 +-- docs/license.rst | 3 +- pyproject.toml | 42 +++-- requirements/build.txt | 13 +- requirements/dev.in | 7 +- requirements/dev.txt | 190 ++++++++++++++++----- requirements/docs.in | 5 +- requirements/docs.txt | 48 +++--- requirements/tests.txt | 21 ++- requirements/typing.in | 2 + requirements/typing.txt | 28 ++- src/itsdangerous/timed.py | 6 +- tests/test_itsdangerous/test_serializer.py | 6 +- tox.ini | 20 ++- 32 files changed, 467 insertions(+), 350 deletions(-) create mode 100644 .devcontainer/devcontainer.json create mode 100755 .devcontainer/on-create-command.sh delete mode 100644 .flake8 rename LICENSE.rst => LICENSE.txt (100%) create mode 100644 README.md delete mode 100644 README.rst diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..58b406f --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,17 @@ +{ + "name": "pallets/itsdangerous", + "image": "mcr.microsoft.com/devcontainers/python:3", + "customizations": { + "vscode": { + "settings": { + "python.defaultInterpreterPath": "${workspaceFolder}/.venv", + "python.terminal.activateEnvInCurrentTerminal": true, + "python.terminal.launchArgs": [ + "-X", + "dev" + ] + } + } + }, + "onCreateCommand": ".devcontainer/on-create-command.sh" +} diff --git a/.devcontainer/on-create-command.sh b/.devcontainer/on-create-command.sh new file mode 100755 index 0000000..eaebea6 --- /dev/null +++ b/.devcontainer/on-create-command.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -e +python3 -m venv --upgrade-deps .venv +. .venv/bin/activate +pip install -r requirements/dev.txt +pip install -e . +pre-commit install --install-hooks diff --git a/.editorconfig b/.editorconfig index e32c802..2ff985a 100644 --- a/.editorconfig +++ b/.editorconfig @@ -9,5 +9,5 @@ end_of_line = lf charset = utf-8 max_line_length = 88 -[*.{yml,yaml,json,js,css,html}] +[*.{css,html,js,json,jsx,scss,ts,tsx,yaml,yml}] indent_size = 2 diff --git a/.flake8 b/.flake8 deleted file mode 100644 index 725af6f..0000000 --- a/.flake8 +++ /dev/null @@ -1,25 +0,0 @@ -[flake8] -extend-select = - # bugbear - B - # bugbear opinions - B9 - # implicit str concat - ISC -extend-ignore = - # slice notation whitespace, invalid - E203 - # line length, handled by bugbear B950 - E501 - # bare except, handled by bugbear B001 - E722 - # zip with strict=, requires python >= 3.10 - B905 - # string formatting opinion, B028 renamed to B907 - B028 - B907 -# up to 88 allowed by bugbear B950 -max-line-length = 80 -per-file-ignores = - # __init__ exports names - src/itsdangerous/__init__.py: F401 diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 898115c..f851815 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -4,9 +4,8 @@ about: Report a bug in ItsDangerous (not other projects which depend on ItsDange --- diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 84de71e..548aa86 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,11 +1,8 @@ blank_issues_enabled: false contact_links: - - name: Security issue - url: security@palletsprojects.com - about: Do not report security issues publicly. Email our security contact. - - name: Questions - url: https://stackoverflow.com/questions/tagged/itsdangerous?tab=Frequent - about: Search for and ask questions about your code on Stack Overflow. - - name: Questions and discussions + - name: Questions on Discussions + url: https://github.com/pallets/itsdangerous/discussions/ + about: Ask questions about your own code on the Discussions tab. + - name: Questions on Chat url: https://discord.gg/pallets - about: Discuss questions about your code on our Discord chat. + about: Ask questions about your own code on our Discord chat. diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md index f8bbb2d..c9cb728 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.md +++ b/.github/ISSUE_TEMPLATE/feature-request.md @@ -5,11 +5,11 @@ about: Suggest a new feature for ItsDangerous diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 90f94bc..fa94b77 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,24 @@ version: 2 updates: -- package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "monthly" - day: "monday" - time: "16:00" - timezone: "UTC" + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly + ignore: + # slsa depends on upload/download v3 + - dependency-name: actions/upload-artifact + versions: '>= 4' + - dependency-name: actions/download-artifact + versions: '>= 4' + groups: + github-actions: + patterns: + - '*' + - package-ecosystem: pip + directory: /requirements/ + schedule: + interval: monthly + groups: + python-requirements: + patterns: + - '*' diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 29fd35f..eb124d2 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,6 +1,7 @@ -- fixes # +fixes # +--> - -Checklist: - -- [ ] Add tests that demonstrate the correct behavior of the change. Tests should fail without the change. -- [ ] Add or update relevant docs, in the docs folder and in code. -- [ ] Add an entry in `CHANGES.rst` summarizing the change and linking to the issue. -- [ ] Add `.. versionchanged::` entries in any relevant code docs. -- [ ] Run `pre-commit` hooks and fix any issues. -- [ ] Run `pytest` and `tox`, no tests failed. diff --git a/.github/workflows/lock.yaml b/.github/workflows/lock.yaml index e962fd0..22228a1 100644 --- a/.github/workflows/lock.yaml +++ b/.github/workflows/lock.yaml @@ -1,25 +1,23 @@ -name: 'Lock threads' -# Lock closed issues that have not received any further activity for -# two weeks. This does not close open issues, only humans may do that. -# We find that it is easier to respond to new issues with fresh examples -# rather than continuing discussions on old issues. +name: Lock inactive closed issues +# Lock closed issues that have not received any further activity for two weeks. +# This does not close open issues, only humans may do that. It is easier to +# respond to new issues with fresh examples rather than continuing discussions +# on old issues. on: schedule: - cron: '0 0 * * *' - permissions: issues: write pull-requests: write - concurrency: group: lock - jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 + - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1 with: issue-inactive-days: 14 pr-inactive-days: 14 + discussion-inactive-days: 14 diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index f6ba8ab..9cedc0f 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -9,12 +9,12 @@ jobs: outputs: hash: ${{ steps.hash.outputs.hash }} steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.x' - cache: 'pip' - cache-dependency-path: 'requirements/*.txt' + cache: pip + cache-dependency-path: requirements*/*.txt - run: pip install -r requirements/build.txt # Use the commit date instead of the current date during the build. - run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV @@ -23,28 +23,28 @@ jobs: - name: generate hash id: hash run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: path: ./dist provenance: - needs: ['build'] + needs: [build] permissions: actions: read id-token: write contents: write # Can't pin with hash due to how this workflow works. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: ${{ needs.build.outputs.hash }} create-release: # Upload the sdist, wheels, and provenance to a GitHub release. They remain # available as build artifacts for a while as well. - needs: ['provenance'] + needs: [provenance] runs-on: ubuntu-latest permissions: contents: write steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - name: create release run: > gh release create --draft --repo ${{ github.repository }} @@ -53,20 +53,21 @@ jobs: env: GH_TOKEN: ${{ github.token }} publish-pypi: - needs: ['provenance'] + needs: [provenance] # Wait for approval before attempting to upload to PyPI. This allows reviewing the # files in the draft release. - environment: 'publish' + environment: + name: publish + url: https://pypi.org/project/itsdangerous/${{ github.ref_name }} runs-on: ubuntu-latest + permissions: + id-token: write steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - # Try uploading to Test PyPI first, in case something fails. - - uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 with: - password: ${{ secrets.TEST_PYPI_TOKEN }} - repository_url: https://test.pypi.org/legacy/ - packages_dir: artifact/ - - uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e + repository-url: https://test.pypi.org/legacy/ + packages-dir: artifact/ + - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 with: - password: ${{ secrets.PYPI_TOKEN }} - packages_dir: artifact/ + packages-dir: artifact/ diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 1ec277e..91a02d0 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -9,43 +9,49 @@ on: - '*.md' - '*.rst' pull_request: - branches: - - main - - '*.x' paths-ignore: - 'docs/**' - '*.md' - '*.rst' jobs: tests: - name: ${{ matrix.name }} - runs-on: ${{ matrix.os }} + name: ${{ matrix.name || matrix.python }} + runs-on: ${{ matrix.os || 'ubuntu-latest' }} strategy: fail-fast: false matrix: include: - - {name: Linux, python: '3.11', os: ubuntu-latest, tox: py311} - - {name: Windows, python: '3.11', os: windows-latest, tox: py311} - - {name: Mac, python: '3.11', os: macos-latest, tox: py311} - - {name: '3.12-dev', python: '3.12-dev', os: ubuntu-latest, tox: py312} - - {name: '3.10', python: '3.10', os: ubuntu-latest, tox: py310} - - {name: '3.9', python: '3.9', os: ubuntu-latest, tox: py39} - - {name: '3.8', python: '3.8', os: ubuntu-latest, tox: py38} - - {name: '3.7', python: '3.7', os: ubuntu-latest, tox: py37} - - {name: 'PyPy', python: 'pypy-3.10', os: ubuntu-latest, tox: pypy310} - - {name: Typing, python: '3.11', os: ubuntu-latest, tox: typing} + - {python: '3.12'} + - {name: Windows, python: '3.12', os: windows-latest} + - {name: Mac, python: '3.12', os: macos-latest} + - {python: '3.11'} + - {python: '3.10'} + - {python: '3.9'} + - {python: '3.8'} + - {name: PyPy, python: 'pypy-3.10', tox: pypy310} steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 - - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: ${{ matrix.python }} - cache: 'pip' - cache-dependency-path: 'requirements/*.txt' + allow-prereleases: true + cache: pip + cache-dependency-path: requirements*/*.txt + - run: pip install tox + - run: tox run -e ${{ matrix.tox || format('py{0}', matrix.python) }} + typing: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: '3.x' + cache: pip + cache-dependency-path: requirements*/*.txt - name: cache mypy - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ./.mypy_cache - key: mypy|${{ matrix.python }}|${{ hashFiles('pyproject.toml') }} - if: matrix.tox == 'typing' + key: mypy|${{ hashFiles('pyproject.toml') }} - run: pip install tox - - run: tox run -e ${{ matrix.tox }} + - run: tox run -e typing diff --git a/.gitignore b/.gitignore index dd4a5cb..62c1b88 100644 --- a/.gitignore +++ b/.gitignore @@ -1,16 +1,10 @@ -/.idea/ -/.vscode/ -/env/ -/venv/ +.idea/ +.vscode/ +.venv*/ +venv*/ __pycache__/ -*.pyc -*.egg-info/ -/build/ -/dist/ -/.pytest_cache/ -/.tox/ -.coverage -.coverage.* -/htmlcov/ -/docs/_build/ -/.mypy_cache/ +dist/ +.coverage* +htmlcov/ +.tox/ +docs/_build/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9f369f0..8fd500e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,35 +1,16 @@ ci: - autoupdate_branch: "2.1.x" autoupdate_schedule: monthly repos: - - repo: https://github.com/asottile/pyupgrade - rev: v3.7.0 + - repo: https://github.com/astral-sh/ruff-pre-commit + rev: v0.3.7 hooks: - - id: pyupgrade - args: ["--py37-plus"] - - repo: https://github.com/asottile/reorder-python-imports - rev: v3.10.0 - hooks: - - id: reorder-python-imports - args: ["--application-directories", "src:tests"] - - repo: https://github.com/psf/black - rev: 23.3.0 - hooks: - - id: black - - repo: https://github.com/PyCQA/flake8 - rev: 6.0.0 - hooks: - - id: flake8 - additional_dependencies: - - flake8-bugbear - - flake8-implicit-str-concat - - repo: https://github.com/peterdemin/pip-compile-multi - rev: v2.6.3 - hooks: - - id: pip-compile-multi-verify + - id: ruff + - id: ruff-format - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.6.0 hooks: + - id: check-merge-conflict + - id: debug-statements - id: fix-byte-order-marker - id: trailing-whitespace - id: end-of-file-fixer diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 346900b..865c685 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -1,8 +1,8 @@ version: 2 build: - os: ubuntu-20.04 + os: ubuntu-22.04 tools: - python: "3.10" + python: '3.12' python: install: - requirements: requirements/docs.txt diff --git a/LICENSE.rst b/LICENSE.txt similarity index 100% rename from LICENSE.rst rename to LICENSE.txt diff --git a/README.md b/README.md new file mode 100644 index 0000000..59b9a5b --- /dev/null +++ b/README.md @@ -0,0 +1,40 @@ +# ItsDangerous + +... so better sign this + +Various helpers to pass data to untrusted environments and to get it +back safe and sound. Data is cryptographically signed to ensure that a +token has not been tampered with. + +It's possible to customize how data is serialized. Data is compressed as +needed. A timestamp can be added and verified automatically while +loading a token. + + +## A Simple Example + +Here's how you could generate a token for transmitting a user's id and +name between web requests. + +```python +from itsdangerous import URLSafeSerializer +auth_s = URLSafeSerializer("secret key", "auth") +token = auth_s.dumps({"id": 5, "name": "itsdangerous"}) + +print(token) +# eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg + +data = auth_s.loads(token) +print(data["name"]) +# itsdangerous +``` + + +## Donate + +The Pallets organization develops and supports ItsDangerous and other +popular packages. In order to grow the community of contributors and +users, and allow the maintainers to devote more time to the projects, +[please donate today][]. + +[please donate today]: https://palletsprojects.com/donate diff --git a/README.rst b/README.rst deleted file mode 100644 index 96547b4..0000000 --- a/README.rst +++ /dev/null @@ -1,66 +0,0 @@ -ItsDangerous -============ - -... so better sign this - -Various helpers to pass data to untrusted environments and to get it -back safe and sound. Data is cryptographically signed to ensure that a -token has not been tampered with. - -It's possible to customize how data is serialized. Data is compressed as -needed. A timestamp can be added and verified automatically while -loading a token. - - -Installing ----------- - -Install and update using `pip`_: - -.. code-block:: text - - pip install -U itsdangerous - -.. _pip: https://pip.pypa.io/en/stable/getting-started/ - - -A Simple Example ----------------- - -Here's how you could generate a token for transmitting a user's id and -name between web requests. - -.. code-block:: python - - from itsdangerous import URLSafeSerializer - auth_s = URLSafeSerializer("secret key", "auth") - token = auth_s.dumps({"id": 5, "name": "itsdangerous"}) - - print(token) - # eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg - - data = auth_s.loads(token) - print(data["name"]) - # itsdangerous - - -Donate ------- - -The Pallets organization develops and supports ItsDangerous and other -popular packages. In order to grow the community of contributors and -users, and allow the maintainers to devote more time to the projects, -`please donate today`_. - -.. _please donate today: https://palletsprojects.com/donate - - -Links ------ - -- Documentation: https://itsdangerous.palletsprojects.com/ -- Changes: https://itsdangerous.palletsprojects.com/changes/ -- PyPI Releases: https://pypi.org/project/ItsDangerous/ -- Source Code: https://github.com/pallets/itsdangerous/ -- Issue Tracker: https://github.com/pallets/itsdangerous/issues/ -- Chat: https://discord.gg/pallets diff --git a/docs/conf.py b/docs/conf.py index bfd3a26..ea5dd91 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -10,18 +10,25 @@ # General -------------------------------------------------------------- -master_doc = "index" +default_role = "code" extensions = [ "sphinx.ext.autodoc", + "sphinx.ext.extlinks", "sphinx.ext.intersphinx", - "pallets_sphinx_themes", "sphinxcontrib.log_cabinet", - "sphinx_issues", + "pallets_sphinx_themes", ] autoclass_content = "both" +autodoc_member_order = "bysource" autodoc_typehints = "description" -intersphinx_mapping = {"python": ("https://docs.python.org/3/", None)} -issues_github_path = "pallets/itsdangerous" +autodoc_preserve_defaults = True +extlinks = { + "issue": ("https://github.com/pallets/itsdangerous/issues/%s", "#%s"), + "pr": ("https://github.com/pallets/itsdangerous/pull/%s", "#%s"), +} +intersphinx_mapping = { + "python": ("https://docs.python.org/3/", None), +} # HTML ----------------------------------------------------------------- @@ -46,9 +53,3 @@ html_logo = "_static/itsdangerous-logo-sidebar.png" html_title = f"{project} Documentation ({version})" html_show_sourcelink = False - -# LaTeX ---------------------------------------------------------------- - -latex_documents = [ - (master_doc, f"{project}-{version}.tex", html_title, author, "manual") -] diff --git a/docs/license.rst b/docs/license.rst index a53a98c..2a445f9 100644 --- a/docs/license.rst +++ b/docs/license.rst @@ -1,4 +1,5 @@ BSD-3-Clause License ==================== -.. include:: ../LICENSE.rst +.. literalinclude:: ../LICENSE.txt + :language: text diff --git a/pyproject.toml b/pyproject.toml index a3b8379..d26b528 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,15 +1,16 @@ [project] name = "itsdangerous" description = "Safely pass data to untrusted environments and back." -readme = "README.rst" -license = {file = "LICENSE.rst"} -maintainers = [{name = "Pallets", email = "contact@palletsprojects.com"}] +readme = "README.md" +license = { file = "LICENSE.txt" } +maintainers = [{ name = "Pallets", email = "contact@palletsprojects.com" }] classifiers = [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", + "Typing :: Typed", ] requires-python = ">=3.7" dynamic = ["version"] @@ -18,8 +19,7 @@ dynamic = ["version"] Donate = "https://palletsprojects.com/donate" Documentation = "https://itsdangerous.palletsprojects.com/" Changes = "https://itsdangerous.palletsprojects.com/changes/" -"Source Code" = "https://github.com/pallets/itsdangerous/" -"Issue Tracker" = "https://github.com/pallets/itsdangerous/issues/" +Source = "https://github.com/pallets/itsdangerous/" Chat = "https://discord.gg/pallets" [build-system] @@ -45,8 +45,6 @@ exclude = [ testpaths = ["tests"] filterwarnings = [ "error", - # dateutil using datetime.utcfromtimestamp - "ignore:datetime.utcfromtimestamp:DeprecationWarning:dateutil.tz.tz", ] [tool.coverage.run] @@ -57,10 +55,34 @@ source = ["itsdangerous", "tests"] source = ["src", "*/site-packages"] [tool.mypy] -python_version = "3.7" +python_version = "3.8" files = ["src/itsdangerous"] show_error_codes = true pretty = true strict = true -local_partial_types = true -warn_unreachable = true + +[tool.pyright] +pythonVersion = "3.8" +include = ["src/itsdangerous"] +typeCheckingMode = "basic" + +[tool.ruff] +src = ["src"] +fix = true +show-fixes = true +output-format = "full" + +[tool.ruff.lint] +select = [ + "B", # flake8-bugbear + "E", # pycodestyle error + "F", # pyflakes + "I", # isort + "UP", # pyupgrade + "W", # pycodestyle warning +] +ignore-init-module-imports = true + +[tool.ruff.lint.isort] +force-single-line = true +order-by-type = false diff --git a/requirements/build.txt b/requirements/build.txt index 196545d..9ecc489 100644 --- a/requirements/build.txt +++ b/requirements/build.txt @@ -1,13 +1,12 @@ -# SHA1:80754af91bfb6d1073585b046fe0a474ce868509 # -# This file is autogenerated by pip-compile-multi -# To update, run: +# This file is autogenerated by pip-compile with Python 3.12 +# by the following command: # -# pip-compile-multi +# pip-compile build.in # -build==0.10.0 - # via -r requirements/build.in -packaging==23.1 +build==1.2.1 + # via -r build.in +packaging==24.0 # via build pyproject-hooks==1.0.0 # via build diff --git a/requirements/dev.in b/requirements/dev.in index 99f5942..1efde82 100644 --- a/requirements/dev.in +++ b/requirements/dev.in @@ -1,6 +1,5 @@ --r docs.in --r tests.in --r typing.in -pip-compile-multi +-r docs.txt +-r tests.txt +-r typing.txt pre-commit tox diff --git a/requirements/dev.txt b/requirements/dev.txt index ed46208..272c42f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -1,64 +1,178 @@ -# SHA1:54b5b77ec8c7a0064ffa93b2fd16cb0130ba177c # -# This file is autogenerated by pip-compile-multi -# To update, run: +# This file is autogenerated by pip-compile with Python 3.12 +# by the following command: # -# pip-compile-multi +# pip-compile dev.in # --r docs.txt --r tests.txt --r typing.txt -build==0.10.0 - # via pip-tools -cachetools==5.3.1 +alabaster==0.7.16 + # via + # -r docs.txt + # sphinx +babel==2.14.0 + # via + # -r docs.txt + # sphinx +cachetools==5.3.3 # via tox -cfgv==3.3.1 +certifi==2024.2.2 + # via + # -r docs.txt + # requests +cfgv==3.4.0 # via pre-commit -chardet==5.1.0 +chardet==5.2.0 # via tox -click==8.1.3 +charset-normalizer==3.3.2 # via - # pip-compile-multi - # pip-tools + # -r docs.txt + # requests colorama==0.4.6 # via tox -distlib==0.3.6 +distlib==0.3.8 # via virtualenv -filelock==3.12.2 +docutils==0.20.1 + # via + # -r docs.txt + # sphinx +filelock==3.13.4 # via # tox # virtualenv -identify==2.5.24 +freezegun==1.4.0 + # via -r tests.txt +identify==2.5.35 # via pre-commit +idna==3.7 + # via + # -r docs.txt + # requests +imagesize==1.4.1 + # via + # -r docs.txt + # sphinx +iniconfig==2.0.0 + # via + # -r tests.txt + # -r typing.txt + # pytest +jinja2==3.1.3 + # via + # -r docs.txt + # sphinx +markupsafe==2.1.5 + # via + # -r docs.txt + # jinja2 +mypy==1.9.0 + # via -r typing.txt +mypy-extensions==1.0.0 + # via + # -r typing.txt + # mypy nodeenv==1.8.0 - # via pre-commit -pip-compile-multi==2.6.3 - # via -r requirements/dev.in -pip-tools==6.13.0 - # via pip-compile-multi -platformdirs==3.8.0 + # via + # -r typing.txt + # pre-commit + # pyright +packaging==24.0 + # via + # -r docs.txt + # -r tests.txt + # -r typing.txt + # pallets-sphinx-themes + # pyproject-api + # pytest + # sphinx + # tox +pallets-sphinx-themes==2.1.1 + # via -r docs.txt +platformdirs==4.2.0 # via # tox # virtualenv -pre-commit==3.3.3 - # via -r requirements/dev.in -pyproject-api==1.5.2 +pluggy==1.4.0 + # via + # -r tests.txt + # -r typing.txt + # pytest + # tox +pre-commit==3.7.0 + # via -r dev.in +pygments==2.17.2 + # via + # -r docs.txt + # sphinx +pyproject-api==1.6.1 # via tox -pyproject-hooks==1.0.0 - # via build -pyyaml==6.0 +pyright==1.1.358 + # via -r typing.txt +pytest==8.1.1 + # via + # -r tests.txt + # -r typing.txt +python-dateutil==2.9.0.post0 + # via + # -r tests.txt + # freezegun +pyyaml==6.0.1 # via pre-commit -toposort==1.10 - # via pip-compile-multi -tox==4.6.3 - # via -r requirements/dev.in -virtualenv==20.23.1 +requests==2.31.0 + # via + # -r docs.txt + # sphinx +six==1.16.0 + # via + # -r tests.txt + # python-dateutil +snowballstemmer==2.2.0 + # via + # -r docs.txt + # sphinx +sphinx==7.2.6 + # via + # -r docs.txt + # pallets-sphinx-themes + # sphinxcontrib-log-cabinet +sphinxcontrib-applehelp==1.0.8 + # via + # -r docs.txt + # sphinx +sphinxcontrib-devhelp==1.0.6 + # via + # -r docs.txt + # sphinx +sphinxcontrib-htmlhelp==2.0.5 + # via + # -r docs.txt + # sphinx +sphinxcontrib-jsmath==1.0.1 + # via + # -r docs.txt + # sphinx +sphinxcontrib-log-cabinet==1.0.1 + # via -r docs.txt +sphinxcontrib-qthelp==1.0.7 + # via + # -r docs.txt + # sphinx +sphinxcontrib-serializinghtml==1.1.10 + # via + # -r docs.txt + # sphinx +tox==4.14.2 + # via -r dev.in +typing-extensions==4.11.0 + # via + # -r typing.txt + # mypy +urllib3==2.2.1 + # via + # -r docs.txt + # requests +virtualenv==20.25.1 # via # pre-commit # tox -wheel==0.40.0 - # via pip-tools # The following packages are considered to be unsafe in a requirements file: -# pip # setuptools diff --git a/requirements/docs.in b/requirements/docs.in index 7ec501b..ba3fd77 100644 --- a/requirements/docs.in +++ b/requirements/docs.in @@ -1,4 +1,3 @@ -Pallets-Sphinx-Themes -Sphinx -sphinx-issues +pallets-sphinx-themes +sphinx sphinxcontrib-log-cabinet diff --git a/requirements/docs.txt b/requirements/docs.txt index e125c59..cf90071 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -1,61 +1,57 @@ -# SHA1:45c590f97fe95b8bdc755eef796e91adf5fbe4ea # -# This file is autogenerated by pip-compile-multi -# To update, run: +# This file is autogenerated by pip-compile with Python 3.12 +# by the following command: # -# pip-compile-multi +# pip-compile docs.in # -alabaster==0.7.13 +alabaster==0.7.16 # via sphinx -babel==2.12.1 +babel==2.14.0 # via sphinx -certifi==2023.5.7 +certifi==2024.2.2 # via requests -charset-normalizer==3.1.0 +charset-normalizer==3.3.2 # via requests docutils==0.20.1 # via sphinx -idna==3.4 +idna==3.7 # via requests imagesize==1.4.1 # via sphinx -jinja2==3.1.2 +jinja2==3.1.3 # via sphinx -markupsafe==2.1.3 +markupsafe==2.1.5 # via jinja2 -packaging==23.1 +packaging==24.0 # via # pallets-sphinx-themes # sphinx pallets-sphinx-themes==2.1.1 - # via -r requirements/docs.in -pygments==2.15.1 + # via -r docs.in +pygments==2.17.2 # via sphinx requests==2.31.0 # via sphinx snowballstemmer==2.2.0 # via sphinx -sphinx==7.0.1 +sphinx==7.2.6 # via - # -r requirements/docs.in + # -r docs.in # pallets-sphinx-themes - # sphinx-issues # sphinxcontrib-log-cabinet -sphinx-issues==3.0.1 - # via -r requirements/docs.in -sphinxcontrib-applehelp==1.0.4 +sphinxcontrib-applehelp==1.0.8 # via sphinx -sphinxcontrib-devhelp==1.0.2 +sphinxcontrib-devhelp==1.0.6 # via sphinx -sphinxcontrib-htmlhelp==2.0.1 +sphinxcontrib-htmlhelp==2.0.5 # via sphinx sphinxcontrib-jsmath==1.0.1 # via sphinx sphinxcontrib-log-cabinet==1.0.1 - # via -r requirements/docs.in -sphinxcontrib-qthelp==1.0.3 + # via -r docs.in +sphinxcontrib-qthelp==1.0.7 # via sphinx -sphinxcontrib-serializinghtml==1.1.5 +sphinxcontrib-serializinghtml==1.1.10 # via sphinx -urllib3==2.0.3 +urllib3==2.2.1 # via requests diff --git a/requirements/tests.txt b/requirements/tests.txt index 8cbfe6d..1d21920 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -1,21 +1,20 @@ -# SHA1:817ecc8a9cb652b1473408ed241d76d464c7cfaa # -# This file is autogenerated by pip-compile-multi -# To update, run: +# This file is autogenerated by pip-compile with Python 3.12 +# by the following command: # -# pip-compile-multi +# pip-compile tests.in # -freezegun==1.2.2 - # via -r requirements/tests.in +freezegun==1.4.0 + # via -r tests.in iniconfig==2.0.0 # via pytest -packaging==23.1 +packaging==24.0 # via pytest -pluggy==1.2.0 +pluggy==1.4.0 # via pytest -pytest==7.4.0 - # via -r requirements/tests.in -python-dateutil==2.8.2 +pytest==8.1.1 + # via -r tests.in +python-dateutil==2.9.0.post0 # via freezegun six==1.16.0 # via python-dateutil diff --git a/requirements/typing.in b/requirements/typing.in index f0aa93a..8be59c5 100644 --- a/requirements/typing.in +++ b/requirements/typing.in @@ -1 +1,3 @@ mypy +pyright +pytest diff --git a/requirements/typing.txt b/requirements/typing.txt index 13afd66..ba1e8f1 100644 --- a/requirements/typing.txt +++ b/requirements/typing.txt @@ -1,13 +1,27 @@ -# SHA1:7983aaa01d64547827c20395d77e248c41b2572f # -# This file is autogenerated by pip-compile-multi -# To update, run: +# This file is autogenerated by pip-compile with Python 3.12 +# by the following command: # -# pip-compile-multi +# pip-compile typing.in # -mypy==1.4.1 - # via -r requirements/typing.in +iniconfig==2.0.0 + # via pytest +mypy==1.9.0 + # via -r typing.in mypy-extensions==1.0.0 # via mypy -typing-extensions==4.6.3 +nodeenv==1.8.0 + # via pyright +packaging==24.0 + # via pytest +pluggy==1.4.0 + # via pytest +pyright==1.1.358 + # via -r typing.in +pytest==8.1.1 + # via -r typing.in +typing-extensions==4.11.0 # via mypy + +# The following packages are considered to be unsafe in a requirements file: +# setuptools diff --git a/src/itsdangerous/timed.py b/src/itsdangerous/timed.py index cad8da3..e4d88cd 100644 --- a/src/itsdangerous/timed.py +++ b/src/itsdangerous/timed.py @@ -63,8 +63,7 @@ def unsign( # type: ignore signed_value: _t_str_bytes, max_age: _t_opt_int = None, return_timestamp: "_te.Literal[False]" = False, - ) -> bytes: - ... + ) -> bytes: ... @typing.overload def unsign( @@ -72,8 +71,7 @@ def unsign( signed_value: _t_str_bytes, max_age: _t_opt_int = None, return_timestamp: "_te.Literal[True]" = True, - ) -> _t.Tuple[bytes, datetime]: - ... + ) -> _t.Tuple[bytes, datetime]: ... def unsign( self, diff --git a/tests/test_itsdangerous/test_serializer.py b/tests/test_itsdangerous/test_serializer.py index cdc4191..2837121 100644 --- a/tests/test_itsdangerous/test_serializer.py +++ b/tests/test_itsdangerous/test_serializer.py @@ -18,13 +18,11 @@ @overload -def coerce_str(ref: str, s: str) -> str: - ... +def coerce_str(ref: str, s: str) -> str: ... @overload -def coerce_str(ref: bytes, s: str) -> bytes: - ... +def coerce_str(ref: bytes, s: str) -> bytes: ... def coerce_str(ref: Union[str, bytes], s: str) -> Union[str, bytes]: diff --git a/tox.ini b/tox.ini index 1b163ff..f7bc0b3 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py3{12,11,10,9,8,7} + py3{12,11,10,9,8} pypy310 style typing @@ -10,6 +10,8 @@ skip_missing_interpreters = true [testenv] package = wheel wheel_build_env = .pkg +constrain_package_deps = true +use_frozen_constraints = true deps = -r requirements/tests.txt commands = pytest -v --tb=short --basetemp={envtmpdir} {posargs} @@ -24,4 +26,18 @@ commands = mypy [testenv:docs] deps = -r requirements/docs.txt -commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html +commands = sphinx-build -E -W -b dirhtml docs docs/_build/dirhtml + +[testenv:update-requirements] +deps = + pip-tools + pre-commit +skip_install = true +change_dir = requirements +commands = + pre-commit autoupdate -j4 + pip-compile -U build.in + pip-compile -U docs.in + pip-compile -U tests.in + pip-compile -U typing.in + pip-compile -U dev.in