Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Password strength check for long passwords (backport #19756) #19765

Merged
merged 6 commits into from
Jan 25, 2023
Merged

fix: Password strength check for long passwords (backport #19756) #19765

merged 6 commits into from
Jan 25, 2023

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Jan 25, 2023

This is an automatic backport of pull request #19756 done by Mergify.

Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com

@barredterra @mergify
feat: bump zxcvbn version
b2fd64f 
zxcvbn 4.4.28 no longer crashes on long, random passwords.

(cherry picked from commit 8aa8ea0)
@barredterra @mergify
fix: trim long passwords before check
1c325e9 
In order for the check to pass in a reasonable amount of time.

(cherry picked from commit d5a72b1)
@barredterra @mergify
refactor: imports
aeb2e71 
- remove unused imports
- import only the required patterns, not the entire file

(cherry picked from commit e61d878)
@barredterra @mergify
refactor: assign instead of update
0b9bc18 
(cherry picked from commit 2148dc7)
@barredterra @mergify
fix: use new source for zxcvbn
0cbc149 
(cherry picked from commit 92e684d)
@barredterra @mergify
feat: add test case for long passwords
aed3423 
(cherry picked from commit a33e345)
@mergify mergify bot requested a review from a team as a code owner January 25, 2023 05:26
@mergify mergify bot requested review from shariquerik and removed request for a team January 25, 2023 05:26
@ankush ankush merged commit a6315f9 into version-14-hotfix Jan 25, 2023
@ankush ankush deleted the mergify/bp/version-14-hotfix/pr-19756 branch January 25, 2023 05:50
frappe-pr-bot pushed a commit that referenced this pull request Jan 30, 2023
@frappe-bot
chore(release): Bumped to Version 14.25.0
c49bec8 
# [14.25.0](v14.24.0...v14.25.0) (2023-01-30)

### Bug Fixes

* add freeze message for bulk delete ([2a42036](2a42036))
* assertAlmostEqual with precision ([#19794](#19794)) ([9f7c4e0](9f7c4e0))
* Convert doctype name to string ([#19832](#19832)) ([#19834](#19834)) ([a45f31d](a45f31d))
* correct exit code on missing app failure ([#19676](#19676)) ([#19770](#19770)) ([f6139a4](f6139a4))
* **i18n:** Datepicker Turkish translations ([#19777](#19777)) ([#19831](#19831)) ([3e91fb1](3e91fb1))
* incorrect link when std field has problem (backport [#19744](#19744)) ([#19763](#19763)) ([4593bb9](4593bb9))
* **MariaDBTable:** dont attempt to drop index twice ([#19783](#19783)) ([67f80c6](67f80c6))
* Password strength check for long passwords (backport [#19756](#19756)) ([#19765](#19765)) ([a6315f9](a6315f9))
* respect disable sidebar stats on list view ([#19795](#19795)) ([5f57816](5f57816))
* sanitize traceback for common secrets ([#19805](#19805)) ([#19806](#19806)) ([ae6f2b1](ae6f2b1))
* use count instead of concatenated docnames ([06948d1](06948d1))

### Features

* Audit hooks report (backport [#19780](#19780)) ([#19828](#19828)) ([99bdf34](99bdf34))
* better freeze message ([c03f9e7](c03f9e7))
@frappe-pr-bot
Copy link
Collaborator

🎉 This PR is included in version 14.25.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

stephenBDT pushed a commit to alias/frappe that referenced this pull request Feb 7, 2023
@mergify @barredterra @stephenBDT
fix: Password strength check for long passwords (backport frappe#19756)…
20c39d9 
… (frappe#19765)

* feat: bump zxcvbn version

zxcvbn 4.4.28 no longer crashes on long, random passwords.

(cherry picked from commit 8aa8ea0)

* fix: trim long passwords before check

In order for the check to pass in a reasonable amount of time.

(cherry picked from commit d5a72b1)

* refactor: imports

- remove unused imports
- import only the required patterns, not the entire file

(cherry picked from commit e61d878)

* refactor: assign instead of update

(cherry picked from commit 2148dc7)

* fix: use new source for zxcvbn

(cherry picked from commit 92e684d)

* feat: add test case for long passwords

(cherry picked from commit a33e345)

Co-authored-by: barredterra <14891507+barredterra@users.noreply.github.com>
stephenBDT pushed a commit to alias/frappe that referenced this pull request Feb 7, 2023
@frappe-bot @stephenBDT
chore(release): Bumped to Version 14.25.0
2168f4a 
# [14.25.0](frappe/frappe@v14.24.0...v14.25.0) (2023-01-30)

### Bug Fixes

* add freeze message for bulk delete ([2a42036](frappe@2a42036))
* assertAlmostEqual with precision ([frappe#19794](frappe#19794)) ([9f7c4e0](frappe@9f7c4e0))
* Convert doctype name to string ([frappe#19832](frappe#19832)) ([frappe#19834](frappe#19834)) ([a45f31d](frappe@a45f31d))
* correct exit code on missing app failure ([frappe#19676](frappe#19676)) ([frappe#19770](frappe#19770)) ([f6139a4](frappe@f6139a4))
* **i18n:** Datepicker Turkish translations ([frappe#19777](frappe#19777)) ([frappe#19831](frappe#19831)) ([3e91fb1](frappe@3e91fb1))
* incorrect link when std field has problem (backport [frappe#19744](frappe#19744)) ([frappe#19763](frappe#19763)) ([4593bb9](frappe@4593bb9))
* **MariaDBTable:** dont attempt to drop index twice ([frappe#19783](frappe#19783)) ([67f80c6](frappe@67f80c6))
* Password strength check for long passwords (backport [frappe#19756](frappe#19756)) ([frappe#19765](frappe#19765)) ([a6315f9](frappe@a6315f9))
* respect disable sidebar stats on list view ([frappe#19795](frappe#19795)) ([5f57816](frappe@5f57816))
* sanitize traceback for common secrets ([frappe#19805](frappe#19805)) ([frappe#19806](frappe#19806)) ([ae6f2b1](frappe@ae6f2b1))
* use count instead of concatenated docnames ([06948d1](frappe@06948d1))

### Features

* Audit hooks report (backport [frappe#19780](frappe#19780)) ([frappe#19828](frappe#19828)) ([99bdf34](frappe@99bdf34))
* better freeze message ([c03f9e7](frappe@c03f9e7))
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shariquerik shariquerik Awaiting requested review from shariquerik shariquerik is a code owner automatically assigned from frappe/frappe-review-team

Assignees

@barredterra barredterra

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@frappe-pr-bot @ankush @barredterra