From 9696e8c8ded088ff5f9d8f3384a404933e911cd8 Mon Sep 17 00:00:00 2001 From: Christoph Ladurner Date: Thu, 28 Nov 2024 21:22:38 +0100 Subject: [PATCH 1/4] setup: pin dependencies --- setup.cfg | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/setup.cfg b/setup.cfg index 51ec54a4..5f8978e0 100644 --- a/setup.cfg +++ b/setup.cfg @@ -3,7 +3,7 @@ # This file is part of Invenio. # Copyright (C) 2015-2024 CERN. # Copyright (C) 2021 TU Wien. -# Copyright (C) 2022 Graz University of Technology. +# Copyright (C) 2022-2024 Graz University of Technology. # # Invenio is free software; you can redistribute it and/or modify it # under the terms of the MIT License; see LICENSE file for more details. @@ -31,11 +31,11 @@ install_requires = cryptography>=3.0.0 Flask-KVSession-Invenio>=0.6.3 Flask-Security-Invenio>=3.3.0 - invenio-celery>=1.2.3 - invenio-i18n>=2.0.0 - invenio-mail>=1.0.2 - invenio-rest>=1.2.4 - invenio-theme>=2.0.0 + invenio-celery>=1.2.3,<2.0.0 + invenio-i18n>=2.0.0,<3.0.0 + invenio-mail>=1.0.2,<3.0.0 + invenio-rest>=1.2.4,<2.0.0 + invenio-theme>=2.0.0,<4.0.0 maxminddb-geolite2>=2017.404 pyjwt>=1.5.0 simplekv>=0.11.2 @@ -43,18 +43,18 @@ install_requires = [options.extras_require] admin = - invenio-admin>=1.2.1 + invenio-admin>=1.2.1,<2.0.0 postgresql = - invenio-db[postgresql]>=1.0.14 + invenio-db[postgresql]>=1.0.14,<2.0.0 mysql = - invenio-db[mysql]>=1.0.14 + invenio-db[mysql]>=1.0.14,<2.0.0 sqlite = - invenio-db>=1.0.14 + invenio-db>=1.0.14,<2.0.0 tests = mock>=1.3.0 - invenio-app>=1.4.0 - pytest-black>=0.3.0 - pytest-invenio>=2.1.4 + invenio-app>=1.4.0,<2.0.0 + pytest-black-ng>=0.4.0 + pytest-invenio>=2.1.4,<3.0.0 sphinx>=5,<6.0.0 [options.entry_points] From 1421f3cc4066751de6245e7818943cf226faac5c Mon Sep 17 00:00:00 2001 
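Review bot: The `install_requires` hunk caps only the `invenio-*` packages, while `pyjwt>=1.5.0` and `cryptography>=3.0.0`, the two libraries that token verification and crypto rest on, keep floors that admit very old releases and have no ceiling. A later patch in this series has to work around a PyJWT 2.10.0 behaviour change, which suggests the supported `pyjwt` range should be stated deliberately rather than left open. Consider raising both floors to the oldest release the test matrix really exercises, e.g. `pyjwt>=<oldest-tested-version>`, and saying in the commit message why no upper bound is set if that is intentional.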
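Review bot: In the `tests` extra, `pytest-black>=0.3.0` is replaced by a differently named distribution, `pytest-black-ng>=0.4.0`, which is a package swap rather than a pin and is not covered by the commit subject "setup: pin dependencies". Test dependencies are installed and executed in CI, so it is worth confirming who publishes the new distribution and recording the reason for the switch. A line in the commit body such as `tests: replace pytest-black with pytest-black-ng (reason: ...)` would be enough.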
From: Christoph Ladurner Date: Thu, 28 Nov 2024 21:24:19 +0100 Subject: [PATCH 2/4] setup: change to reusable workflows --- .github/workflows/pypi-publish.yml | 28 ++-------------------------- .github/workflows/tests.yml | 1 + 2 files changed, 3 insertions(+), 26 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 2657cbc8..d37d460f 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -7,29 +7,5 @@ on: jobs: Publish: - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.7 - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install setuptools wheel babel - - - name: Build package - # Remove `compile_catalog` if the package has no translations. - run: | - python setup.py compile_catalog sdist bdist_wheel - - - name: Publish on PyPI - uses: pypa/gh-action-pypi-publish@v1.3.1 - with: - user: __token__ - # The token is provided by the inveniosoftware organization - password: ${{ secrets.pypi_token }} + uses: inveniosoftware/workflows/.github/workflows/pypi-publish.yml@master + secrets: inherit diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b59ac4f4..2263873a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -26,3 +26,4 @@ jobs: uses: inveniosoftware/workflows/.github/workflows/tests-python.yml@master with: extras: "tests,admin,postgresql" + search-service: '[""]' From 68ff0f863d97e830c9adc12284f35a9c4ec9b65b Mon Sep 17 00:00:00 2001 From: Christoph Ladurner Date: Thu, 28 Nov 2024 23:17:35 +0100 Subject: [PATCH 3/4] fix: jwt lib changed * pyjwt 2.10.0 changed the api to decode. verify-sub is now default. this change reinstates the old behavior --- invenio_accounts/utils.py | 8 ++++++++ 1 file changed, 8 insertions(+) 
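Review bot: The new `Publish` job calls `inveniosoftware/workflows/.github/workflows/pypi-publish.yml@master` with `secrets: inherit`, so every secret available to this repository is handed to whatever the `master` branch of the workflows repository contains at release time. Pinning the reference to a full commit SHA, `uses: inveniosoftware/workflows/.github/workflows/pypi-publish.yml@<full-commit-sha>`, makes the publishing code immutable and reviewable. Passing only the PyPI token by name (a `secrets:` map with the single entry `pypi_token: ${{ secrets.pypi_token }}`) would limit exposure, provided the called workflow declares that secret. The `tests.yml` job touched in the same commit references the same mutable `@master` ref.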
diff --git a/invenio_accounts/utils.py b/invenio_accounts/utils.py index 4711e2a4..077537ed 100644 --- a/invenio_accounts/utils.py +++ b/invenio_accounts/utils.py @@ -2,6 +2,7 @@ # # This file is part of Invenio. # Copyright (C) 2017-2024 CERN. +# Copyright (C) 2024 Graz University of Technology. # # Invenio is free software; you can redistribute it and/or modify it # under the terms of the MIT License; see LICENSE file for more details. @@ -105,6 +106,13 @@ def jwt_decode_token(token): return decode( token, current_app.config["ACCOUNTS_JWT_SECRET_KEY"], + options={ + # Based on the JWT spec (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2) + # the "sub" claim has to be a string. However, we are not enforcing this + # and are assuming that the "sub" claim is an object/dictionary. + # PyJWT v2.10.0 started enforcing this and we are disabling this check. + "verify_sub": False, + }, algorithms=[current_app.config["ACCOUNTS_JWT_ALOGORITHM"]], ) except DecodeError as exc: From 22da91805e66dc9d20e35cbcae4a3e0a63781f18 Mon Sep 17 00:00:00 2001 From: Christoph Ladurner Date: Thu, 28 Nov 2024 21:25:07 +0100 Subject: [PATCH 4/4] release: v5.1.6 --- CHANGES.rst | 5 +++++ invenio_accounts/__init__.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 445077f8..5770f251 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,6 +1,7 @@ .. This file is part of Invenio. Copyright (C) 2015-2024 CERN. + Copyright (C) 2024 Graz University of Technology. Invenio is free software; you can redistribute it and/or modify it under the terms of the MIT License; see LICENSE file for more details. @@ -8,6 +9,10 @@ Changes ======= +Version v5.1.6 (released 2024-11-28) + +- setup: pin dependencies + Version v5.1.5 (released 2024-11-05) - model: make forward compatible to sqlalchemy >= 2 diff --git a/invenio_accounts/__init__.py b/invenio_accounts/__init__.py index 3fb2c006..aeb40513 100644 --- a/invenio_accounts/__init__.py 
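Review bot: With `"verify_sub": False` in the `options` passed to `decode`, PyJWT performs no check on the `sub` claim, so whatever consumes the payload returned by `jwt_decode_token` has to validate the shape of `sub` itself before using it; that consumer is outside this hunk, so confirm it does. The comment would serve the next reader better if it also stated what stays enabled, e.g. `# Only the "sub" check is disabled; signature, algorithm and the other claim checks keep their defaults.` A regression test that decodes a token whose `sub` is a dict would pin this behaviour across PyJWT versions. The body of `jwt_decode_token` starts and ends outside the hunk.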
+++ b/invenio_accounts/__init__.py @@ -55,7 +55,7 @@ from .ext import InvenioAccounts, InvenioAccountsREST, InvenioAccountsUI from .proxies import current_accounts -__version__ = "5.1.5" +__version__ = "5.1.6" __all__ = ( "__version__",