Merge branch 'release/2.0.5' into testing

Kotti · Mar 16, 2021 · 40cafa7 · 40cafa7
2 parents 191f972 + abe9c35
commit 40cafa7
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 9 deletions.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,6 +1,13 @@
 Change History
 ==============
 
+2.0.5 - 2021-03-16
+------------------
+
+- Fix sanitizer error when values are None (ie nothing to sanitize at all).
+- Pin Pyramid to < 2 (for now).
+- Pin SQLAlchemy to < 1.4 to prevent no longer working private import in sqlalchemy-utils.
+
 2.0.4 - 2020-11-20
 ------------------
 

diff --git a/COPYRIGHT.txt b/COPYRIGHT.txt
@@ -1,2 +1,2 @@
-Copyright (c) 2010-2020 Daniel Nouri, Andreas Kaiser and Contributors.
+Copyright (c) 2010-2021 Daniel Nouri, Andreas Kaiser and Contributors.
 All Rights Reserved
diff --git a/kotti/sanitizers.py b/kotti/sanitizers.py
@@ -138,6 +138,8 @@ def _setup_listeners(settings):
         def _create_handler(attributename, sanitizers):
             def handler(event):
                 value = getattr(event.object, attributename)
+                if value is None:
+                    return
                 for sanitizer_name in sanitizers.split(","):
                     value = settings["kotti.sanitizers"][sanitizer_name](value)
                 setattr(event.object, attributename, value)

diff --git a/kotti/tests/test_sanitizers.py b/kotti/tests/test_sanitizers.py
@@ -112,6 +112,13 @@ def test_listeners(app, root, db_session):
     _verify_no_html(doc.description)
     _verify_xss_protection(doc.body)
 
+    # Test None title
+    root["e"] = doc = Document(
+        name="test", title=None, description=unsanitized, body=unsanitized
+    )
+    db_session.flush()
+    assert doc.title == None
+
 
 def test_sanitize(app, dummy_request):
 

diff --git a/requirements.txt b/requirements.txt
@@ -3,7 +3,7 @@ anyascii==0.1.7
 appdirs==1.4.4
 Babel==2.9.0
 Beaker==1.11.0
-bleach==3.2.1
+bleach==3.3.0
 bleach-allowlist==1.0.3
 Chameleon==3.8.1
 click==7.1.2
@@ -65,7 +65,6 @@ SQLAlchemy-Utils==0.36.8
 transaction==3.0.0
 translationstring==1.4
 Unidecode==1.1.1
-usersettings==1.0.7
 venusian==3.0.0
 waitress==1.4.4
 webencodings==0.5.1

diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
 from setuptools import find_packages
 from setuptools import setup
 
-version = '2.0.4'
+version = '2.0.5'
 description = "A high-level, Pythonic web application framework based on " \
               "Pyramid and SQLAlchemy.  It includes an extensible Content " \
               "Management System called the Kotti CMS."
@@ -22,7 +22,7 @@
     'bleach>=3.1.4',
     'bleach-allowlist',
     'colander>=1.3.2',
-    'deform>=2.0.5',  # fixes file upload on py3 - uncomment after 2.0.5 is released  # noqa
+    'deform==2.0.14',  # 2.0.15 breaks js.deform
     'docopt',
     'fanstatic>=1.0.0',
     'filedepot',
@@ -31,7 +31,7 @@
     'iso8601>=0.1.13',
     'js.angular',
     'js.bootstrap>=3.0.0',
-    'js.deform>=2.0.3',
+    'js.deform==2.0.14',  # deform 2.0.15 breaks js.deform
     'js.fineuploader',
     'js.html5shiv',
     'js.jquery<2.0.0.dev',  # rq.filter: <2.0
@@ -42,7 +42,7 @@
     'js.jqueryui_tagit',
     'lingua>=1.3',
     'py_bcrypt',
-    'pyramid>=1.9',
+    'pyramid>=1.9,<2',
     'pyramid_beaker',
     'pyramid_chameleon',
     'pyramid_deform>=0.2a3',  # language and template path config includeme
@@ -52,11 +52,10 @@
     'repoze.lru',
     'repoze.workflow>=1.0b1',
     'repoze.zcml>=1.0b1',
-    'sqlalchemy>=1.0.0',
+    'sqlalchemy>=1.0.0,<1.4',  # https://github.com/kvesteri/sqlalchemy-utils/blob/master/sqlalchemy_utils/functions/orm.py#L14 fails on 1.4
     'sqlalchemy-utils',
     'transaction>=1.1.0',
     'unidecode',
-    'usersettings',
     'waitress',
     'zope.deprecation',
     'zope.interface',