Creation & manipulation of PyPI tokens

Overview

PyPIToken: Manipulate PyPI API tokens

Deployed to PyPI Deployed to PyPI GitHub Repository Continuous Integration Documentation Coverage MIT License Contributor Covenant

PyPIToken is an open-source Python 3.6+ library for generating and manipulating PyPI tokens.

PyPI tokens are very powerful, as that they are based on Macaroons. They allow the bearer to add additional restrictions to an existing token. For example, given a PyPI token that can upload releases for any project of its owner, you can generate a token that will only allow some projects, or even a single one.

Here's an example:

$ pip install pypitoken
import pypitoken

token = pypitoken.Token.load("pypi-foobartoken")

print(token.restrictions)
# [NoopRestriction()]

token.restrict(projects=["requests"])

print(token.restrictions)
# [NoopRestriction(), ProjectsRestriction(projects=["requests"])]

token.dump()
# pypi-newfoobartoken

This token we've created above will be restricted to uploading releases of requests. Of course, your PyPI user will still need to have upload permissions on requests for this to happen.

The aim of this library is to provide a simple toolbelt for manipulating PyPI tokens. Ideally, someday, PyPI (Warehouse) itself may generate their tokens using this library too. This should make it easier to iterate on new kinds of restrictions for PyPI tokens, such as those discussed in the original implementation issue.

A discussion for integrating this library to the Warehouse environment is ongoing:

Where to go from here

The complete docs is probably the best place to learn about the project.

If you encounter a bug, or want to get in touch, you're always welcome to open a ticket.

Comments
  • Add DateRestrictions

    Add DateRestrictions

    Closes #92

    Hey @fschulze :) Do you think you could do a round of code review ? Also, I haven't taken the time to try the new macaroons against (Test)PyPI, so if you want to give it a try, feel free :) (you can generate an unscoped token on TestPyPI, then use this PR to create 2 tokens with time restrictions: one that includes now and one that excludes now. PyPI should let you upload with the first one and not with the 2nd one)

    Checklist:

    • [x] Tests
      • [ ] (not applicable?)
    • [x] Documentation
      • [ ] (not applicable?)
    opened by ewjoachim 5
  • Bump dunamai from 1.5.5 to 1.7.0

    Bump dunamai from 1.5.5 to 1.7.0

    Bumps dunamai from 1.5.5 to 1.7.0.

    Release notes

    Sourced from dunamai's releases.

    v1.7.0 (2021-10-31)

    • Broadened the default version tag pattern to allow more separator styles recognized in PEP 440 pre-normalized forms (-, ., and _).
    • Enhanced serialize_pep440() to normalize the alternative prerelease names (alpha -> a, beta -> b, c/pre/preview -> rc) and capitalizations (RC -> rc, etc).
    • Added a py.typed file for PEP-561. (Contributed by wwuck)
    • Replaced pkg_resources dependency with packaging and importlib_metadata. (Contributed by flying-sheep)
    • Added some missing public items to __all__.

    v1.6.0 (2021-08-09)

    • Fixed an oversight where the default version tag pattern would only find tags with exactly three parts in the base (e.g., v1.0.0 and v1.2.3). This is now relaxed so that v1, v1.2.3.4, and so on are also recognized.

      If you prefer the old default, you can pass a custom --pattern on the command line or a custom pattern to the Version.from_* methods. Specifically, the previous default used ^v(?P<base>\d+\.\d+\.\d+) instead of the new ^v(?P<base>\d+(\.\d+)*), but the rest of the pattern is the same in both defaults.

    • Added support for execution via python -m dunamai. (Contributed by jstriebel)

    Changelog

    Sourced from dunamai's changelog.

    v1.7.0 (2021-10-31)

    • Broadened the default version tag pattern to allow more separator styles recognized in PEP 440 pre-normalized forms (-, ., and _).
    • Enhanced serialize_pep440() to normalize the alternative prerelease names (alpha -> a, beta -> b, c/pre/preview -> rc) and capitalizations (RC -> rc, etc).
    • Added a py.typed file for PEP-561. (Contributed by wwuck)
    • Replaced pkg_resources dependency with packaging and importlib_metadata. (Contributed by flying-sheep)
    • Added some missing public items to __all__.

    v1.6.0 (2021-08-09)

    • Fixed an oversight where the default version tag pattern would only find tags with exactly three parts in the base (e.g., v1.0.0 and v1.2.3). This is now relaxed so that v1, v1.2.3.4, and so on are also recognized.
    • Added support for execution via python -m dunamai. (Contributed by jstriebel)
    Commits
    • 3e2173e Release v1.7.0
    • 0f8c364 Allow more separator styles in tags and normalize certain alternative stage n...
    • 6e4e290 Add workaround for Git 2.21.0 tests
    • be765c6 Fix pre-commit hook issue and newer Git compatibility in tests
    • 1c16f9b Merge pull request #29 from flying-sheep/no-pkg-resources
    • 7e0c312 Merge pull request #25 from wwuck/feature/pep561
    • 71dbec5 Apparently old pytest doesn’t support tool.pytest.ini_options
    • 9a8729d Switch to packaging and importlib_metadata
    • 19760aa Add py.typed file for PEP-561
    • 18dfa02 Release v1.6.0
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 4
  • Bump pytest-cov from 2.11.1 to 3.0.0

    Bump pytest-cov from 2.11.1 to 3.0.0

    Bumps pytest-cov from 2.11.1 to 3.0.0.

    Changelog

    Sourced from pytest-cov's changelog.

    3.0.0 (2021-10-04)

    Note that this release drops support for Python 2.7 and Python 3.5.

    • Added support for Python 3.10 and updated various test dependencies. Contributed by Hugo van Kemenade in [#500](https://github.com/pytest-dev/pytest-cov/issues/500) <https://github.com/pytest-dev/pytest-cov/pull/500>_.
    • Switched from Travis CI to GitHub Actions. Contributed by Hugo van Kemenade in [#494](https://github.com/pytest-dev/pytest-cov/issues/494) <https://github.com/pytest-dev/pytest-cov/pull/494>_ and [#495](https://github.com/pytest-dev/pytest-cov/issues/495) <https://github.com/pytest-dev/pytest-cov/pull/495>_.
    • Add a --cov-reset CLI option. Contributed by Danilo Šegan in [#459](https://github.com/pytest-dev/pytest-cov/issues/459) <https://github.com/pytest-dev/pytest-cov/pull/459>_.
    • Improved validation of --cov-fail-under CLI option. Contributed by ... Ronny Pfannschmidt's desire for skark in [#480](https://github.com/pytest-dev/pytest-cov/issues/480) <https://github.com/pytest-dev/pytest-cov/pull/480>_.
    • Dropped Python 2.7 support. Contributed by Thomas Grainger in [#488](https://github.com/pytest-dev/pytest-cov/issues/488) <https://github.com/pytest-dev/pytest-cov/pull/488>_.
    • Updated trove classifiers. Contributed by Michał Bielawski in [#481](https://github.com/pytest-dev/pytest-cov/issues/481) <https://github.com/pytest-dev/pytest-cov/pull/481>_.

    2.13.0 (2021-06-01)

    • Changed the toml requirement to be always be directly required (instead of being required through a coverage extra). This fixes issues with pip-compile (pip-tools#1300 <https://github.com/jazzband/pip-tools/issues/1300>). Contributed by Sorin Sbarnea in [#472](https://github.com/pytest-dev/pytest-cov/issues/472) <https://github.com/pytest-dev/pytest-cov/pull/472>.
    • Documented show_contexts. Contributed by Brian Rutledge in [#473](https://github.com/pytest-dev/pytest-cov/issues/473) <https://github.com/pytest-dev/pytest-cov/pull/473>_.

    2.12.1 (2021-06-01)

    • Changed the toml requirement to be always be directly required (instead of being required through a coverage extra). This fixes issues with pip-compile (pip-tools#1300 <https://github.com/jazzband/pip-tools/issues/1300>). Contributed by Sorin Sbarnea in [#472](https://github.com/pytest-dev/pytest-cov/issues/472) <https://github.com/pytest-dev/pytest-cov/pull/472>.
    • Documented show_contexts. Contributed by Brian Rutledge in [#473](https://github.com/pytest-dev/pytest-cov/issues/473) <https://github.com/pytest-dev/pytest-cov/pull/473>_.

    2.12.0 (2021-05-14)

    • Added coverage's toml extra to install requirements in setup.py. Contributed by Christian Riedel in [#410](https://github.com/pytest-dev/pytest-cov/issues/410) <https://github.com/pytest-dev/pytest-cov/pull/410>_.
    • Fixed pytest_cov.__version__ to have the right value (string with version instead of a string including __version__ =).

    ... (truncated)

    Commits
    • 560b955 Bump version: 2.12.1 → 3.0.0
    • e988a6c Update changelog.
    • f015932 Merge pull request #500 from hugovk/add-3.10
    • 60a3cc1 No need to build universal wheels for Python 3-only
    • 0bc997a Add support for Python 3.10
    • 679935b Merge pull request #494 from hugovk/test-on-github-actions
    • 96f9aad Add 'all good' job to be added as a required build
    • 6395ece Test conditional collection on PyPy and CPython
    • f4a88d6 Test both PyPy3.6 and PyPy3.7
    • a948e89 Test both PyPy3.6 and PyPy3.7
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 3
  • Handle new Caveat format

    Handle new Caveat format

    We introduced a new caveat format in https://github.com/pypi/warehouse/pull/11903, which currently pypitoken can't handle:

    >>> token.restrictions
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 671, in restrictions
        return [
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 672, in <listcomp>
        Restriction.load_json(caveat=caveat.caveat_id)
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 137, in load_json
        return cls.load(caveat=caveat_obj)
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 118, in load
        raise exceptions.LoaderError(
    pypitoken.exceptions.LoaderError: Could not find matching Restriction for [4, '89e9fdb4-1a5f-49d4-8bc5-d5840a14a311']
    
    opened by di 2
  • Bump dunamai from 1.11.0 to 1.11.1

    Bump dunamai from 1.11.0 to 1.11.1

    Bumps dunamai from 1.11.0 to 1.11.1.

    Release notes

    Sourced from dunamai's releases.

    v1.11.1 (2022-04-05)

    • Fixed the --bump CLI option and the bump argument of Version.serialize bumping even on a commit with a version tag. Now, no bumping occurs on such a commit.
    Changelog

    Sourced from dunamai's changelog.

    v1.11.1 (2022-04-05)

    • Fixed the --bump CLI option and the bump argument of Version.serialize bumping even on a commit with a version tag. Now, no bumping occurs on such a commit.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 2
  • Bump sphinx from 3.5.4 to 4.4.0

    Bump sphinx from 3.5.4 to 4.4.0

    Bumps sphinx from 3.5.4 to 4.4.0.

    Release notes

    Sourced from sphinx's releases.

    v4.4.0

    Changelog: https://www.sphinx-doc.org/en/master/changes.html

    v4.3.1

    No release notes provided.

    Changelog

    Sourced from sphinx's changelog.

    Release 4.4.0 (released Jan 17, 2022)

    Dependencies

    • #10007: Use importlib_metadata for python-3.9 or older
    • #10007: Drop setuptools

    Features added

    • #9075: autodoc: Add a config variable :confval:autodoc_typehints_format to suppress the leading module names of typehints of function signatures (ex. io.StringIO -> StringIO)
    • #9831: Autosummary now documents only the members specified in a module's __all__ attribute if :confval:autosummary_ignore_module_all is set to False. The default behaviour is unchanged. Autogen also now supports this behavior with the --respect-module-all switch.
    • #9555: autosummary: Improve error messages on failure to load target object
    • #9800: extlinks: Emit warning if a hardcoded link is replaceable by an extlink, suggesting a replacement.
    • #9961: html: Support nested HTML elements in other HTML builders
    • #10013: html: Allow to change the loading method of JS via loading_method parameter for :meth:Sphinx.add_js_file()
    • #9551: html search: "Hide Search Matches" link removes "highlight" parameter from URL
    • #9815: html theme: Wrap sidebar components in div to allow customizing their layout via CSS
    • #9827: i18n: Sort items in glossary by translated terms
    • #9899: py domain: Allows to specify cross-reference specifier (. and ~) as :type: option
    • #9894: linkcheck: add option linkcheck_exclude_documents to disable link checking in matched documents.
    • #9793: sphinx-build: Allow to use the parallel build feature in macOS on macOS and Python3.8+
    • #10055: sphinx-build: Create directories when -w option given
    • #9993: std domain: Allow to refer an inline target (ex. ``_target name```) via :rst:role:ref` role
    • #9981: std domain: Strip value part of the option directive from general index
    • #9391: texinfo: improve variable in samp role
    • #9578: texinfo: Add :confval:texinfo_cross_references to disable cross references for readability with standalone readers
    • #9822 (and #9062), add new Intersphinx role :rst:role:external for explict lookup in the external projects, without resolving to the local project.

    Bugs fixed

    • #9866: autodoc: doccomment for the imported class was ignored

    ... (truncated)

    Commits
    • 88f9647 Bump to 4.4.0 final
    • fc428ad Merge pull request #9822 from jakobandersen/intersphinx_role
    • 5d595ec intersphinx role, simplify role_name check
    • 6ee0ecb intersphinx role, simplify role name matching
    • 3bf8bcd intersphinx role, update docs
    • c11b109 intersphinx role: :external+inv:: instead of :external:inv+:
    • 9589a2b intersphinx role, remove redundant method
    • 941db55 intersphinx role, fix flake8 warnings
    • 9a3f2b8 intersphinx role, CHANGES
    • 540d760 intersphinx role, documentation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 2
  • Bump jsonschema from 4.17.0 to 4.17.1

    Bump jsonschema from 4.17.0 to 4.17.1

    Bumps jsonschema from 4.17.0 to 4.17.1.

    Release notes

    Sourced from jsonschema's releases.

    v4.17.1

    Full Changelog: https://github.com/python-jsonschema/jsonschema/compare/v4.17.0...v4.17.1

    Changelog

    Sourced from jsonschema's changelog.

    v4.17.1

    • The error message when using unevaluatedProperties with a non-trivial schema value (i.e. something other than false) has been improved (#996).
    Commits
    • 46fdb98 v4.17.1 -> CHANGELOG
    • 000dd3d Remove making believe we are ReadTheDocs in CI builds.
    • 5563044 Skip the rest of the docs builds on Windows in CI.
    • 198d1af Run more things with 3.11 in CI.
    • da35584 Suppress epub warnings for duplicated ToC entries.
    • be86aad Temporarily evade wpilibsuite/sphinxext-opengraph#87
    • 9069484 Update docs requirements.
    • 4f8f346 Un-bundle single-vocabulary meta-schemas.
    • 7830605 Emit a better error message for unevaluatedProperties with a subschema.
    • 75903d8 Merge commit '62e69b2c3be9e30c50bea2e595eb2afcd13666ec'
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 1
  • Bump actions/cache from 2 to 3.0.1

    Bump actions/cache from 2 to 3.0.1

    Bumps actions/cache from 2 to 3.0.1.

    Release notes

    Sourced from actions/cache's releases.

    v3.0.1

    • Added support for caching from GHES 3.5.
    • Fixed download issue for files > 2GB during restore.

    v3.0.0

    • This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

    • Few dependencies and cache action usage examples have also been updated.

    v2.1.7

    Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

    v2.1.6

    • Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

    v2.1.5

    • Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

    v2.1.4

    • Make caching more verbose #650
    • Use GNU tar on macOS if available #701

    v2.1.3

    • Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.
    • Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

    v2.1.2

    • Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
    • No-op when executing on GHES

    v2.1.1

    • Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

    v2.1.0

    • Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
    • Display download progress and speed
    Changelog

    Sourced from actions/cache's changelog.

    3.0.1

    • Added support for caching from GHES 3.5.
    • Fixed download issue for files > 2GB during restore.
    Commits
    • 136d96b Enabling actions/cache for GHES based on presence of AC service (#774)
    • 7d4f40b Bumping up the version to fix download issue for files > 2 GB. (#775)
    • 2d8d0d1 Updated what's new. (#771)
    • 7799d86 Updated the usage and docs to the major version release. (#770)
    • 4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version
    • 60c606a Update licensed files
    • b6e9a91 Revert "Updated to the latest version."
    • c842503 Updated to the latest version.
    • 2b7da2a Bumped up to a major version.
    • deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 1
  • Bump actions/cache from 2 to 3

    Bump actions/cache from 2 to 3

    Bumps actions/cache from 2 to 3.

    Release notes

    Sourced from actions/cache's releases.

    v3.0.0

    • This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

    • Few dependencies and cache action usage examples have also been updated.

    v2.1.7

    Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

    v2.1.6

    • Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

    v2.1.5

    • Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

    v2.1.4

    • Make caching more verbose #650
    • Use GNU tar on macOS if available #701

    v2.1.3

    • Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.
    • Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

    v2.1.2

    • Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
    • No-op when executing on GHES

    v2.1.1

    • Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

    v2.1.0

    • Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
    • Display download progress and speed
    Commits
    • 4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version
    • 60c606a Update licensed files
    • b6e9a91 Revert "Updated to the latest version."
    • c842503 Updated to the latest version.
    • 2b7da2a Bumped up to a major version.
    • deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example
    • c7c46bc Merge pull request #707 from duxtland/main
    • 6535c5f Regenerated examples.md TOC
    • 3fdafa4 Update GitHub Actions status badge markdown in README.md
    • 341e6d7 Merge branch 'actions:main' into fix-golang-windows-example
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 1
  • Bump sphinx-material from 0.0.32 to 0.0.35

    Bump sphinx-material from 0.0.32 to 0.0.35

    Bumps sphinx-material from 0.0.32 to 0.0.35.

    Release notes

    Sourced from sphinx-material's releases.

    Release 0.0.35

    Add option to not strip tables

    Release 0.0.34

    Fix for space in citation labels.

    Release 0.0.33

    This release contains a number of minor fixes.

    Commits
    • 6e0ef82 Merge pull request #120 from danwos/danwos_table_strip
    • 9c5df4a Theme option fo deactivating table handling
    • 8aba3ac Merge pull request #118 from bashtage/citation-fix
    • ff14603 ENH: Improve spacing around citations
    • f94eccf Merge pull request #117 from bashtage/doc-global-toc
    • c9506a9 DOC: Emphasize globaltoc
    • 5432f24 Merge pull request #116 from bashtage/role-search
    • fdf8810 ENH: Add support for RTD search
    • 7b15906 Merge pull request #115 from bashtage/generate-docs
    • edb47be MAINT: Enable doc generation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 1
  • Bump sphinx from 3.5.4 to 4.3.0

    Bump sphinx from 3.5.4 to 4.3.0

    Bumps sphinx from 3.5.4 to 4.3.0.

    Changelog

    Sourced from sphinx's changelog.

    Release 4.3.0 (released Nov 11, 2021)

    Dependencies

    • Support Python 3.10

    Incompatible changes

    • #9649: searchindex.js: the embedded data has changed format to allow objects with the same name in different domains.
    • #9672: The rendering of Python domain declarations is implemented with more docutils nodes to allow better CSS styling. It may break existing styling.
    • #9672: the signature of :py:meth:domains.py.PyObject.get_signature_prefix has changed to return a list of nodes instead of a plain string.
    • #9695: domains.js.JSObject.display_prefix has been changed into a method get_display_prefix which now returns a list of nodes instead of a plain string.
    • #9695: The rendering of Javascript domain declarations is implemented with more docutils nodes to allow better CSS styling. It may break existing styling.
    • #9450: mathjax: Load MathJax via "defer" strategy

    Deprecated

    • sphinx.ext.autodoc.AttributeDocumenter._datadescriptor
    • sphinx.writers.html.HTMLTranslator._fieldlist_row_index
    • sphinx.writers.html.HTMLTranslator._table_row_index
    • sphinx.writers.html5.HTML5Translator._fieldlist_row_index
    • sphinx.writers.html5.HTML5Translator._table_row_index

    Features added

    • #9639: autodoc: Support asynchronous generator functions
    • #9664: autodoc: autodoc-process-bases supports to inject reST snippet as a base class
    • #9691: C, added new info-field retval for :rst:dir:c:function and :rst:dir:c:macro.
    • C++, added new info-field retval for :rst:dir:cpp:function.
    • #9618: i18n: Add :confval:gettext_allow_fuzzy_translations to allow "fuzzy" messages for translation
    • #9672: More CSS classes on Python domain descriptions
    • #9695: More CSS classes on Javascript domain descriptions
    • #9683: Revert the removal of add_stylesheet() API. It will be kept until

    ... (truncated)

    Commits
    • 3001cc9 Bump to 4.3.0 final
    • d321a97 Merge pull request #9837 from tk0miya/9833_RemovedInSphinx60Warning
    • 5339636 Fix the type of deprecation warning for get_signature_prefix (refs: #9833)
    • 5999cdb Merge pull request #9833 from jakobandersen/py_get_signature_prefix
    • 63bd4b8 Use warnings.warn and deprecation warning
    • 096e286 Merge pull request #9628 from tk0miya/9623_suppress_warnings_for_excluded_doc...
    • 1317eee Merge pull request #9828 from tk0miya/9618_gettext_allow_fuzzy_translations
    • 7357b17 Merge branch '4.x' into 9623_suppress_warnings_for_excluded_document_in_toctree
    • 22bec4f Fix #9623: Separate warning type 'toc.not_readable' to 'toc.excluded'
    • 563936b Merge pull request #9829 from tk0miya/9450_load_mathjax_as_defer
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 1
Releases(6.0.1)
  • 6.0.1(Nov 6, 2022)

  • 6.0.0(Nov 6, 2022)

    Breaking Changes !

    • Add new format for restrictions (#133) See https://pypitoken.readthedocs.io/en/latest/howto.html#version-6-x-upgrade for details on how to upgrade from a previous version.

    Other changes

    • Pre-commit (#97, #99, #104, #106, #109, #112, #118, #120, #121, #123, #125, #127, #131)
    • Dependabot (#96, #98, #100, #101, #102, #103, #105, #107, #108, #110, #111, #113, #114, #115, #116, #117, #119, #122, #124, #126, #128, #129, #130)
    Source code(tar.gz)
    Source code(zip)
  • 5.0.0(May 29, 2022)

  • 4.0.0(May 29, 2022)

    • Add DateRestrictions (#94)
    • Add black/isort/mypy in pypoetry, but ensure their versions are synchronized with pre-commit (#93)

    And

    • Dependencies auto-upgrade (#91, #89, #90, #86, #88, #83, #82, #81, #80, #79, #78, #77, #76, #75, #74, #73, #71)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.7(Jan 11, 2022)

  • 3.0.6(Jan 11, 2022)

  • 3.0.5(Jan 11, 2022)

    • [pre-commit.ci] pre-commit autoupdate (#70)
    • [pre-commit.ci] pre-commit autoupdate (#69)
    • Bump sphinx from 4.3.1 to 4.3.2 (#68)
    • Bump lxml from 4.6.3 to 4.6.5 (#67)
    • [pre-commit.ci] pre-commit autoupdate (#66)
    • Bump sphinx from 4.3.0 to 4.3.1 (#65)
    • [pre-commit.ci] pre-commit autoupdate (#64)
    • [pre-commit.ci] pre-commit autoupdate (#63)
    • Bump dunamai from 1.5.5 to 1.7.0 (#59)
    • Bump pytest-cov from 2.11.1 to 3.0.0 (#57)
    • Bump sphinx-material from 0.0.32 to 0.0.35 (#61)
    • Bump jsonschema from 3.2.0 to 4.0.0 (#62)
    • Bump sphinx from 3.5.4 to 4.3.0 (#60)
    • Bump pytest from 5.4.3 to 6.2.5 (#58)
    • Bump urllib3 from 1.26.4 to 1.26.5 (#56)
    • [pre-commit.ci] pre-commit autoupdate (#55)
    • [pre-commit.ci] pre-commit autoupdate (#54)
    • [pre-commit.ci] pre-commit autoupdate (#53)
    • [pre-commit.ci] pre-commit autoupdate (#52)
    • [pre-commit.ci] pre-commit autoupdate (#51)
    • Replace codecov with coverage-comment (#50)
    • [pre-commit.ci] pre-commit autoupdate (#49)
    • [pre-commit.ci] pre-commit autoupdate (#48)
    • [pre-commit.ci] pre-commit autoupdate (#47)
    • [pre-commit.ci] pre-commit autoupdate (#46)
    • Fix python-version on ci (#45)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.4(Aug 11, 2021)

    • [pre-commit.ci] pre-commit autoupdate (#44)
    • [pre-commit.ci] pre-commit autoupdate (#43)
    • [pre-commit.ci] pre-commit autoupdate (#42)
    • [pre-commit.ci] pre-commit autoupdate (#41)
    • [pre-commit.ci] pre-commit autoupdate (#40)
    • [pre-commit.ci] pre-commit autoupdate (#39)
    • [pre-commit.ci] pre-commit autoupdate (#38)
    • [pre-commit.ci] pre-commit autoupdate (#37)
    • [pre-commit.ci] pre-commit autoupdate (#36)
    • [pre-commit.ci] pre-commit autoupdate (#35)
    • [pre-commit.ci] pre-commit autoupdate (#34)
    • [pre-commit.ci] pre-commit autoupdate (#33)
    • [pre-commit.ci] pre-commit autoupdate (#32)
    • [pre-commit.ci] pre-commit autoupdate (#31)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.3(May 9, 2021)

  • 3.0.2(Mar 18, 2021)

  • 3.0.1(Mar 18, 2021)

  • 3.0.0(Mar 17, 2021)

    New public API for restriction. No breaking but enough change to warrant a major release.

    • Move dangling methods into class methods (#25)
    • Public API for Restrictions (#24)
    Source code(tar.gz)
    Source code(zip)
  • 2.0.0(Mar 14, 2021)

  • 1.1.0(Mar 14, 2021)

    • Create a context object, remove MissingContextError (#22)
    • Adding discussion topics & tighten implementation regarding extraneous caveat params (#21)

    Minor version for refactoring some aspects, but no breaking changes.

    Source code(tar.gz)
    Source code(zip)
  • 1.0.6(Mar 14, 2021)

  • 1.0.5(Mar 12, 2021)

  • 1.0.4(Mar 8, 2021)

  • 1.0.3(Mar 8, 2021)

  • 1.0.2(Mar 8, 2021)

  • 1.0.1(Mar 8, 2021)

  • 1.0.0(Mar 8, 2021)

    • Fix readthedocs (#9)
    • Rename "derive" as "restrict" (#8)
    • Improve PR template (#7)
    • Fix CI cache (#6)
    • Sphinx doc (#5)
    • Working tox & CI (#3)
    • Add first implementation (#1)
    Source code(tar.gz)
    Source code(zip)
Owner
Joachim Jablon
Python / Django :heart:, @PyPA / @psf / DSF
Joachim Jablon
A Python tool to generate and refresh Amazon access tokens.

amazon_auth A Python tool to generate and refresh Amazon access tokens. Description This tool generates and outputs Amazon access and refresh tokens f

null 15 Nov 21, 2022
Crie seus tokens de autenticação com o AScrypt.

AScrypt tokens O AScrypt é uma forma de gerar tokens de autenticação para sua aplicação de forma rápida e segura. Todos os tokens que foram, mesmo que

Jaedson Silva 0 Jun 24, 2022
Local server that gives you your OAuth 2.0 tokens needed to interact with the Conta Azul's API

What's this? This is a django project meant to be run locally that gives you your OAuth 2.0 tokens needed to interact with Conta Azul's API Prerequisi

Fábio David Freitas 3 Apr 13, 2022
A Python library to create and validate authentication tokens

handshake A Python library to create and validate authentication tokens. handshake is used to generate and validate arbitrary authentication tokens th

null 0 Apr 26, 2022
CheckList-Api - Created with django rest framework and JWT(Json Web Tokens for Authentication)

CheckList Api created with django rest framework and JWT(Json Web Tokens for Aut

shantanu nimkar 1 Jan 24, 2022
local pypi server (custom packages and auto-mirroring of pypi)

localshop A PyPI server which automatically proxies and mirrors PyPI packages based upon packages requested. It has support for multiple indexes and t

Michael van Tellingen 383 Sep 23, 2022
Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

Member-Booster Seems Like Everyone Is Posting This, Thought I Should Too, Tokens Get Locked Upon Creation And Im Not Going To Fix For Several Reasons

Mintyz 1 Dec 28, 2021
Change the name and pfp of ur accounts, uses tokens.txt for ur tokens.

Change the name and pfp of ur accounts, uses tokens.txt for ur tokens. Also scrapes the pfps+names from a server chosen by you. For hq tokens go to discord.gg/tokenshop or t.me/praisetelegram

cChimney 36 Dec 9, 2022
❄️ Don't waste your money paying for new tokens, once you have used your tokens, clean them up and resell them!

TokenCleaner Don't waste your money paying for new tokens, once you have used your tokens, clean them up and resell them! If you have a very large qua

0xVichy 59 Nov 14, 2022
NetworkX is a Python package for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks.

NetworkX is a Python package for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks.

NetworkX 12k Jan 2, 2023
ManiSkill-Learn is a framework for training agents on SAPIEN Open-Source Manipulation Skill Challenge (ManiSkill Challenge), a large-scale learning-from-demonstrations benchmark for object manipulation.

ManiSkill-Learn ManiSkill-Learn is a framework for training agents on SAPIEN Open-Source Manipulation Skill Challenge, a large-scale learning-from-dem

Hao Su's Lab, UCSD 48 Dec 30, 2022
A PyPI mirror client according to PEP 381 http://www.python.org/dev/peps/pep-0381/

This is a PyPI mirror client according to PEP 381 + PEP 503 http://www.python.org/dev/peps/pep-0381/. bandersnatch >=4.0 supports Linux, MacOSX + Wind

Python Packaging Authority 345 Dec 28, 2022
Python PyPi staging server and packaging, testing, release tool

devpi: PyPI server and packaging/testing/release tool This repository contains three packages comprising the core devpi system on the server and clien

null 629 Jan 1, 2023
Utilities for interacting with PyPI

twine Twine is a utility for publishing Python packages on PyPI. It provides build system independent uploads of source and binary distribution artifa

Python Packaging Authority 1.4k Jan 5, 2023
🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

QeeqBox 259 Dec 31, 2022
A PyPI mirror client according to PEP 381 http://www.python.org/dev/peps/pep-0381/

This is a PyPI mirror client according to PEP 381 + PEP 503 http://www.python.org/dev/peps/pep-0381/. bandersnatch >=4.0 supports Linux, MacOSX + Wind

Python Packaging Authority 345 Dec 28, 2022
A python API for BSCScan (Binance Smart Chain Explorer), available on PyPI.

bscscan-python A complete Python API for BscScan.com, available on PyPI. Powered by BscScan.com APIs. This is a gently modified fork of the etherscan-

Panagiotis Kotsias 246 Dec 31, 2022
A simple weather tool. I made this as a way for me to learn Python, API, and PyPi packaging.

A simple weather tool. I made this as a way for me to learn Python, API, and PyPi packaging.

Clint E. 105 Dec 31, 2022
A PDM plugin to publish to PyPI

PDM Publish A PDM plugin to publish to PyPI NOTE: Consider if you need this over using twine directly Installation If you installed pdm via pipx: pipx

Branch Vincent 20 Aug 6, 2022
Install python modules from pypi from a previous date in history

pip-rewind is a command-line tool that can rewind pypi module versions (given as command-line arguments or read from a requirements.txt file) to a previous date in time.

Amar Paul 4 Jul 3, 2021