Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Filter unnecessary deps from User-Agent string #871

Merged
merged 5 commits into from Feb 28, 2022

Conversation

stefanor
Copy link
Contributor

@stefanor stefanor commented Feb 9, 2022

And canonicalize them in our dependencies, so tests pass with an installed twine.

Closes: #870

@bhrutledge bhrutledge self-requested a review Feb 25, 2022
Copy link
Contributor

@bhrutledge bhrutledge left a comment

Sorry for the lag on this; I appreciate the fix.

twine/repository.py Outdated Show resolved Hide resolved
Revert back to a manual list of packages reported in the User-Agent
string and --version. Reverting the part of pypa#858 that switched to
parsing twine's requires.

See: pypa#870
twine/cli.py Outdated Show resolved Hide resolved
Copy link
Contributor

@bhrutledge bhrutledge left a comment

With the changes I just pushed, I'm happy with this, but I'd love @di to confirm that it's okay to remove the dependencies.

@bhrutledge bhrutledge requested a review from di Feb 27, 2022
@di
Copy link
Sponsor Member

@di di commented Feb 28, 2022

I think I'm +0 on this. These have been useful to have at least once in the past, but I can also see the potential privacy implications.

@bhrutledge bhrutledge merged commit c506b22 into pypa:main Feb 28, 2022
23 of 24 checks passed
@stefanor stefanor deleted the user-agent-filter branch Feb 28, 2022
bhrutledge added a commit that referenced this issue Mar 2, 2022
* Canonicalize dependencies

Closes: #870

* Explicitly select packages for User-Agent inclusion

Revert back to a manual list of packages reported in the User-Agent
string and --version. Reverting the part of #858 that switched to
parsing twine's requires.

See: #870

* Update package list

* Remove dependencies from User-Agent

* Add changelog entry

Co-authored-by: Brian Rutledge <brian@bhrutledge.com>
mergify bot pushed a commit to andrewbolster/bolster that referenced this issue Apr 2, 2022
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [twine](https://github.com/pypa/twine) from 3.8.0 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/36695abf8837aba72d87304d99b789c3f2872c99"><code>36695ab</code></a> Update changelog for 4.0.0 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/888">#888</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4931a2a413229a77d1848bebd02b15f6d106ab69"><code>4931a2a</code></a> Make missing <code>long_description</code> check more flexible (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/887">#887</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/7cd0b236bf1b7531bc57ee7647fdb7054890486d"><code>7cd0b23</code></a> Subclass StringIO for _WarningStream. (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/886">#886</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/aa7c0473f0fc12b0b92376dc9d437929bde7713f"><code>aa7c047</code></a> Update sampleproject fixture (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/885">#885</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a6dd69c79f7b5abfb79022092a5d3776a499e31b"><code>a6dd69c</code></a> Adopt Python 3.7+ syntax (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/882">#882</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a0ba32dcd0ea5af5de7b88d6645b7743bf003760"><code>a0ba32d</code></a> Drop support for Python 3.6 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/869">#869</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/55652f0a65d433860024650d0d66f62b690fe26c"><code>55652f0</code></a> Replace tqdm with Rich for progress bar (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/877">#877</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/c506b225b3ab57a40571001825dea0058a55807a"><code>c506b22</code></a> Filter unnecessary deps from User-Agent string (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/871">#871</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a9e9cd6ecec3c4d4504704ccaba08be487d67ebf"><code>a9e9cd6</code></a> Fix detection of FIPS mode for blake2b (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/879">#879</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f69d4b7e41b8d40342133d5c8e43df7316e73993"><code>f69d4b7</code></a> Use Rich for <code>print()</code> output (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/878">#878</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/3.8.0...4.0.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=3.8.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Apr 5, 2022
…/packages/jsii-pacmak/lib/targets/python (#3469)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
<h2>Twine 3.8.0 (2022-02-02)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add <code>--verbose</code> logging for querying keyring credentials. (<code>[#849](pypa/twine#849) &lt;https://github.com/pypa/twine/issues/849&gt;</code>_)</li>
<li>Log all upload responses with <code>--verbose</code>. (<code>[#859](pypa/twine#859) &lt;https://github.com/pypa/twine/issues/859&gt;</code>_)</li>
<li>Show more helpful error message for invalid metadata. (<code>[#861](pypa/twine#861) &lt;https://github.com/pypa/twine/issues/861&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Require a recent version of urllib3. (<code>[#858](pypa/twine#858) &lt;https://github.com/pypa/twine/issues/858&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.1 (2021-12-07)</h2>
<p>Improved Documentation
^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Fix broken link to packaging tutorial. (<code>[#844](pypa/twine#844) &lt;https://github.com/pypa/twine/issues/844&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.0 (2021-12-01)</h2>
<p>Features</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/36695abf8837aba72d87304d99b789c3f2872c99"><code>36695ab</code></a> Update changelog for 4.0.0 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/888">#888</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4931a2a413229a77d1848bebd02b15f6d106ab69"><code>4931a2a</code></a> Make missing <code>long_description</code> check more flexible (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/887">#887</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/7cd0b236bf1b7531bc57ee7647fdb7054890486d"><code>7cd0b23</code></a> Subclass StringIO for _WarningStream. (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/886">#886</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/aa7c0473f0fc12b0b92376dc9d437929bde7713f"><code>aa7c047</code></a> Update sampleproject fixture (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/885">#885</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a6dd69c79f7b5abfb79022092a5d3776a499e31b"><code>a6dd69c</code></a> Adopt Python 3.7+ syntax (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/882">#882</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a0ba32dcd0ea5af5de7b88d6645b7743bf003760"><code>a0ba32d</code></a> Drop support for Python 3.6 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/869">#869</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/55652f0a65d433860024650d0d66f62b690fe26c"><code>55652f0</code></a> Replace tqdm with Rich for progress bar (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/877">#877</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/c506b225b3ab57a40571001825dea0058a55807a"><code>c506b22</code></a> Filter unnecessary deps from User-Agent string (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/871">#871</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a9e9cd6ecec3c4d4504704ccaba08be487d67ebf"><code>a9e9cd6</code></a> Fix detection of FIPS mode for blake2b (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/879">#879</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f69d4b7e41b8d40342133d5c8e43df7316e73993"><code>f69d4b7</code></a> Use Rich for <code>print()</code> output (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/878">#878</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/3.8.0...4.0.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jun 1, 2022
…/packages/jsii-pacmak/lib/targets/python (#3568)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/releases">twine's releases</a>.</em></p>
<blockquote>
<h2>4.0.1</h2>
<p><a href="https://pypi.org/project/twine/4.0.1/">https://pypi.org/project/twine/4.0.1/</a></p>
<p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-1-2022-06-01">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) &lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfgure root logger to show all log messages. (<code>[#896](pypa/twine#896) &lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
<h2>Twine 3.8.0 (2022-02-02)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add <code>--verbose</code> logging for querying keyring credentials. (<code>[#849](pypa/twine#849) &lt;https://github.com/pypa/twine/issues/849&gt;</code>_)</li>
<li>Log all upload responses with <code>--verbose</code>. (<code>[#859](pypa/twine#859) &lt;https://github.com/pypa/twine/issues/859&gt;</code>_)</li>
<li>Show more helpful error message for invalid metadata. (<code>[#861](pypa/twine#861) &lt;https://github.com/pypa/twine/issues/861&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Require a recent version of urllib3. (<code>[#858](pypa/twine#858) &lt;https://github.com/pypa/twine/issues/858&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.1 (2021-12-07)</h2>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/8f5e5d6d42d582ef3ea6ef07da277e0cabd22fd2"><code>8f5e5d6</code></a> Update changelog for 4.0.1 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/904">#904</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/62f3c67fa2f74cde433d6003b7ebf4256f129a7d"><code>62f3c67</code></a> Log keyring tracebacks (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/890">#890</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/d30df7038fd3545e30a2c9bd3728aa787659aa38"><code>d30df70</code></a> Update links to requests docs (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/899">#899</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/5525a2a628317eecb891859e395b0a54f2c57043"><code>5525a2a</code></a> Restore missing <code>__main__</code> logs (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/896">#896</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/b0b932f2da604e90f8a7a5a5c7e2841f519a8fb7"><code>b0b932f</code></a> Fix typos in tests (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/898">#898</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4223ee154f1c962a0c33e2a3a95ed4c42bc62d41"><code>4223ee1</code></a> Require latest version of readme_renderer (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/892">#892</a>)</li>
<li>See full diff in <a href="https://github.com/pypa/twine/compare/4.0.0...4.0.1">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants