Update to current versions of dependencies #43
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- improve nginx config - fix DATA_UPLOAD_MAX_MEMORY_SIZE default not being an int - translate fallback value in id_to_username template tag - make location of setting to turn on user exports easier to locate for admins fixes bookwyrm-social#3227 fixes bookwyrm-social#3231 fixes bookwyrm-social#3232 fixes bookwyrm-social#3236
Since arithmetic is not allowed in .env files, a change in unit for the variable seems most usable.
Support DATA_UPLOAD_MAX_MEMORY_MiB, only, in .env
Add search for author
…urityFixed Adds production.conf security configuration missing in version 0.7.2
fix multiple issues from user exports config changes
An instance of requests.get in isbn.py lacks a timeout, and this commit adds one with a default of 15 as used other places in the code, where requests.get does already have a timeout.
An instance of requests.get was missing a timeout; this commit adds a timeout of 15 as used in other places in this codebase which already have timeouts.
…d-timeouts-to-requests.get Add timeouts to requests.get
No Actual Changes
The types-requests==2.31.0.2 dependency was double-listed right next to each other; this commit removes one.
Alphabetize requirements.txt for developer convenience; this helps to find duplicates and unnecessarily-pinned subdependencies, as well as making the file easier to read and use.
|
Just going to merge this because it's into a working branch, and tbh I don't think I intend to merge from the Snyk branch directly once it passes tests at this point. Instead, I'll make the two updates again on a new branch when it's time. |
MaggieFero
merged commit c9f81c9
into
phildini:snyk-fix-a9700af0a4731c5b84efd9af7ac4551f
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I don't want to lose the history on the PR for this snyk fix branch by closing it, but it's currently running so many incorrect dependencies compared to our actual intended versions that I need to sync back up with something current. Using the main branch of my temp fork for that to keep this as simple as possible.