Keep your company's passwords behind the firewall

//SEIBERT/MEDIA GmbH

Last update: Feb 20, 2022

Related tags

Overview

TeamVault

TeamVault is an open-source web-based shared password manager for behind-the-firewall installation. It requires Python 3.3+ and Postgres (with the unaccent extension).

Installation

apt-get install libffi-dev libldap2-dev libpq-dev libsasl2-dev python3.6-dev postgresql-contrib
pip install teamvault
teamvault setup
vim /etc/teamvault.conf
# note that the teamvault database user will need SUPERUSER privileges
# during this step in order to activate the unaccent extension
teamvault upgrade
teamvault plumbing createsuperuser
teamvault run

Update

pip install --upgrade teamvault
teamvault upgrade

Development

Install Postgres and create a database and superuser for TeamVault to use, for example by starting a Docker container:

docker run --rm --detach --publish=5432:5432 --name teamvault-postgres -e POSTGRES_USER=teamvault -e POSTGRES_PASSWORD=teamvault postgres:latest

Now create a virtual environment to install and configure TeamVault in:

pipenv install
pipenv shell
pip install -e .
export TEAMVAULT_CONFIG_FILE=teamvault.cfg
teamvault setup
vim teamvault.cfg  # base_url = http://localhost:8000
                   # session_cookie_secure = False
                   # database config as needed
teamvault upgrade
teamvault plumbing createsuperuser
teamvault run

Now open http://localhost:8000

Comments

Install Failure.

Running ubuntu server 15.04 4 bit.

used this guide to do the install.

https://pypi.python.org/pypi/teamvault/0.4.3

$ sudo pip install teamvault
Requirement already satisfied (use --upgrade to upgrade): teamvault in ./.local/lib/python2.7/site-packages
Downloading/unpacking cryptography==0.9 (from teamvault)
  Downloading cryptography-0.9.tar.gz (302kB): 302kB downloaded
  Running setup.py (path:/tmp/pip-build-ABU3zM/cryptography/setup.py) egg_info for package cryptography

    no previously-included directories found matching 'docs/_build'
    warning: no previously-included files matching '*' found under directory 'vectors'
Downloading/unpacking dj-static==0.0.6 (from teamvault)
  Downloading dj-static-0.0.6.tar.gz
  Running setup.py (path:/tmp/pip-build-ABU3zM/dj-static/setup.py) egg_info for package dj-static

Downloading/unpacking Django==1.8.1 (from teamvault)
  Downloading Django-1.8.1-py2.py3-none-any.whl (6.2MB): 6.2MB downloaded
Downloading/unpacking django-gravatar2==1.3.0 (from teamvault)
  Downloading django_gravatar2-1.3.0-py2.py3-none-any.whl
Downloading/unpacking djangorestframework==3.1.2 (from teamvault)
  Downloading djangorestframework-3.1.2-py2.py3-none-any.whl (463kB): 463kB downloaded
Downloading/unpacking djorm-ext-pgfulltext==0.9.3 (from teamvault)
  Downloading djorm_ext_pgfulltext-0.9.3-py2.py3-none-any.whl
Downloading/unpacking gunicorn==19.3.0 (from teamvault)
  Downloading gunicorn-19.3.0-py2.py3-none-any.whl (110kB): 110kB downloaded
Downloading/unpacking hashids==1.1.0 (from teamvault)
  Downloading hashids-1.1.0.tar.gz
  Running setup.py (path:/tmp/pip-build-ABU3zM/hashids/setup.py) egg_info for package hashids

Downloading/unpacking psycopg2==2.6 (from teamvault)
  Downloading psycopg2-2.6.tar.gz (367kB): 367kB downloaded
  Running setup.py (path:/tmp/pip-build-ABU3zM/psycopg2/setup.py) egg_info for package psycopg2

Downloading/unpacking pytz==2015.4 (from teamvault)
  Downloading pytz-2015.4-py2.py3-none-any.whl (475kB): 475kB downloaded
Requirement already satisfied (use --upgrade to upgrade): idna in /usr/lib/python2.7/dist-packages (from cryptography==0.9->teamvault)
Requirement already satisfied (use --upgrade to upgrade): pyasn1 in ./.local/lib/python2.7/site-packages (from cryptography==0.9->teamvault)
Requirement already satisfied (use --upgrade to upgrade): six>=1.4.1 in /usr/lib/python2.7/dist-packages (from cryptography==0.9->teamvault)
Requirement already satisfied (use --upgrade to upgrade): setuptools in /usr/lib/python2.7/dist-packages (from cryptography==0.9->teamvault)
Downloading/unpacking enum34 (from cryptography==0.9->teamvault)
  Downloading enum34-1.0.4.tar.gz
  Running setup.py (path:/tmp/pip-build-ABU3zM/enum34/setup.py) egg_info for package enum34

Downloading/unpacking ipaddress (from cryptography==0.9->teamvault)
  Downloading ipaddress-1.0.7-py27-none-any.whl
Downloading/unpacking cffi>=0.8 (from cryptography==0.9->teamvault)
  Downloading cffi-1.1.0.tar.gz (323kB): 323kB downloaded
  Running setup.py (path:/tmp/pip-build-ABU3zM/cffi/setup.py) egg_info for package cffi

Downloading/unpacking static3 (from dj-static==0.0.6->teamvault)
  Downloading static3-0.6.1.tar.gz
  Running setup.py (path:/tmp/pip-build-ABU3zM/static3/setup.py) egg_info for package static3

Downloading/unpacking pycparser (from cffi>=0.8->cryptography==0.9->teamvault)
  Downloading pycparser-2.13.tar.gz (299kB): 299kB downloaded
  Running setup.py (path:/tmp/pip-build-ABU3zM/pycparser/setup.py) egg_info for package pycparser

    warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
    warning: no previously-included files matching 'lextab.*' found under directory 'tests'
    warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
    warning: no previously-included files matching 'lextab.*' found under directory 'examples'
Installing collected packages: cryptography, dj-static, Django, django-gravatar2, djangorestframework, djorm-ext-pgfulltext, gunicorn, hashids, psycopg2, pytz, enum34, ipaddress, cffi, static3, pycparser
  Running setup.py install for cryptography
    c/_cffi_backend.c:2:20: fatal error: Python.h: No such file or directory
     #include <Python.h>
                        ^
    compilation terminated.
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-ABU3zM/cryptography/setup.py", line 342, in <module>
        **keywords_with_side_effects(sys.argv)
      File "/usr/lib/python2.7/distutils/core.py", line 111, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 265, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 310, in fetch_build_eggs
        replace_conflicting=True,
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 799, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1049, in best_match
        return self.obtain(req, installer)
      File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1061, in obtain
        return installer(requirement)
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 377, in fetch_build_egg
        return cmd.easy_install(req)
      File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 646, in easy_install
        return self.install_item(spec, dist.location, tmpdir, deps)
      File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 676, in install_item
        dists = self.install_eggs(spec, download, tmpdir)
      File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 861, in install_eggs
        return self.build_and_install(setup_script, setup_base)
      File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1089, in build_and_install
        self.run_setup(setup_script, setup_base, args)
      File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1077, in run_setup
        raise DistutilsError("Setup script exited with %s" % (v.args[0],))
    distutils.errors.DistutilsError: Setup script exited with error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    Complete output from command /usr/bin/python -c "import setuptools, tokenize;__file__='/tmp/pip-build-ABU3zM/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-D2izdk-record/install-record.txt --single-version-externally-managed --compile:
    c/_cffi_backend.c:2:20: fatal error: Python.h: No such file or directory

 #include <Python.h>

                    ^

compilation terminated.

Traceback (most recent call last):

  File "<string>", line 1, in <module>

  File "/tmp/pip-build-ABU3zM/cryptography/setup.py", line 342, in <module>

    **keywords_with_side_effects(sys.argv)

  File "/usr/lib/python2.7/distutils/core.py", line 111, in setup

    _setup_distribution = dist = klass(attrs)

  File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 265, in __init__

    self.fetch_build_eggs(attrs['setup_requires'])

  File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 310, in fetch_build_eggs

    replace_conflicting=True,

  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 799, in resolve

    dist = best[req.key] = env.best_match(req, ws, installer)

  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1049, in best_match

    return self.obtain(req, installer)

  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1061, in obtain

    return installer(requirement)

  File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 377, in fetch_build_egg

    return cmd.easy_install(req)

  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 646, in easy_install

    return self.install_item(spec, dist.location, tmpdir, deps)

  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 676, in install_item

    dists = self.install_eggs(spec, download, tmpdir)

  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 861, in install_eggs

    return self.build_and_install(setup_script, setup_base)

  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1089, in build_and_install

    self.run_setup(setup_script, setup_base, args)

  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1077, in run_setup

    raise DistutilsError("Setup script exited with %s" % (v.args[0],))

distutils.errors.DistutilsError: Setup script exited with error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

----------------------------------------
Cleaning up...
Command /usr/bin/python -c "import setuptools, tokenize;__file__='/tmp/pip-build-ABU3zM/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-D2izdk-record/install-record.txt --single-version-externally-managed --compile failed with error code 1 in /tmp/pip-build-ABU3zM/cryptography
Storing debug log for failure in /home/USERNAME/.pip/pip.log

opened by lachlanjholmes 5

Make default access policy configurable

I'm not sure if code quality is up to your standards. Sorry. :(

My goal was not to move the ACCESS_POLICY_* constants. Hence, configure_default_access_policy() only reads a string and pick_constant() returns the appropriate constant.

opened by vain 4
Can't type in "share" form
Open a secret, hit "share".

Try to enter a user name or group. Notice that you can't type anything. :)

We were able to reproduce this on several browsers (Firefox, Chrome, Opera, ...).
bug
opened by vain 3

migrations fail on Ubuntu 18.04

I tried to set up teamvault on a fresh Ubuntu 18.04 box with the current master (c00ad68).

When running teamvault upgrade, the migration for the settings app fails because of a missing relation settings_setting.

Full stacktrace

$ sudo teamvault upgrade

### Running migrations...

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/django/db/backends/utils.py", line 85, in _execute
    return self.cursor.execute(sql, params)
psycopg2.ProgrammingError: relation "settings_setting" does not exist
LINE 1: ...s_setting"."key", "settings_setting"."value" FROM "settings_...
                                                             ^


The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/bin/teamvault", line 11, in <module>
    load_entry_point('teamvault==0.7.3', 'console_scripts', 'teamvault')()
  File "/usr/local/lib/python3.6/dist-packages/teamvault/cli.py", line 60, in main
    pargs.func(pargs)
  File "/usr/local/lib/python3.6/dist-packages/teamvault/cli.py", line 91, in upgrade
    execute_from_command_line(["", "migrate", "--noinput", "-v", "3", "--traceback"])
  File "/usr/local/lib/python3.6/dist-packages/django/core/management/__init__.py", line 371, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.6/dist-packages/django/core/management/__init__.py", line 347, in execute
    django.setup()
  File "/usr/local/lib/python3.6/dist-packages/django/__init__.py", line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/usr/local/lib/python3.6/dist-packages/django/apps/registry.py", line 120, in populate
    app_config.ready()
  File "/usr/local/lib/python3.6/dist-packages/teamvault/apps/settings/__init__.py", line 15, in ready
    config.configure_teamvault_secret_key(parsed_config, settings)
  File "/usr/local/lib/python3.6/dist-packages/teamvault/apps/settings/config.py", line 171, in configure_teamvault_secret_key
    checksum = Setting.get("fernet_key_hash", default=None)
  File "/usr/local/lib/python3.6/dist-packages/teamvault/apps/settings/models.py", line 20, in get
    return cls.objects.get(key=key).value
  File "/usr/local/lib/python3.6/dist-packages/django/db/models/manager.py", line 82, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/django/db/models/query.py", line 397, in get
    num = len(clone)
  File "/usr/local/lib/python3.6/dist-packages/django/db/models/query.py", line 254, in __len__
    self._fetch_all()
  File "/usr/local/lib/python3.6/dist-packages/django/db/models/query.py", line 1179, in _fetch_all
    self._result_cache = list(self._iterable_class(self))
  File "/usr/local/lib/python3.6/dist-packages/django/db/models/query.py", line 54, in __iter__
    results = compiler.execute_sql(chunked_fetch=self.chunked_fetch, chunk_size=self.chunk_size)
  File "/usr/local/lib/python3.6/dist-packages/django/db/models/sql/compiler.py", line 1063, in execute_sql
    cursor.execute(sql, params)
  File "/usr/local/lib/python3.6/dist-packages/django/db/backends/utils.py", line 68, in execute
    return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)
  File "/usr/local/lib/python3.6/dist-packages/django/db/backends/utils.py", line 77, in _execute_with_wrappers
    return executor(sql, params, many, context)
  File "/usr/local/lib/python3.6/dist-packages/django/db/backends/utils.py", line 85, in _execute
    return self.cursor.execute(sql, params)
  File "/usr/local/lib/python3.6/dist-packages/django/db/utils.py", line 89, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/usr/local/lib/python3.6/dist-packages/django/db/backends/utils.py", line 85, in _execute
    return self.cursor.execute(sql, params)
django.db.utils.ProgrammingError: relation "settings_setting" does not exist
LINE 1: ...s_setting"."key", "settings_setting"."value" FROM "settings_...
                                                             ^

I'm not completely sure why this happens, but apparently Setting.get("fernet_key_hash", default=None) is called before the table is created and its absence does not trigger the default case. I'm confused because these parts of the settings app haven't been changed recently.

opened by zuntrax 2

Ability to set ALLOWED_HOSTS independent of base_url

When operating TeamVault behind a http(s)-Proxy, ALLOWED_HOSTS needs to contain the internal ip/port (ie http://127.0.0.1:8080). Currently ALLOWED_HOSTS is only configured based on base_url, so the base_url has to be set to http://127.0.0.1:8080 which is obviously incorrect in a https-proxy-setup and will result to problems when the base_url is used for redirects.

It would be nice to be able to set / add to ALLOWED_HOSTS independent of the base_url.

opened by MaZderMind 2
Make usernames searchable

I often encounter the problem that the searchable description occures multiple times, so that I have to search through 50-100 entries to find the login I search for. If I could search for the username this would be much easier.

opened by euleule 2
How to register / request access

I cannot find how to request a new account as a normal User. Neither, webui, api or in the source. Normal root user was created through plumbing command.

Whats the way the do that?

opened by noqqe 2
Request access dialog: Can't type fast

Each and every keystroke generates an HTTP request. When you type fast, a lot of characters are missing.

https://dump.uninformativ.de/volatile/Kabl-Tiss-17/tmpO8k7Xl.png

opened by vain 2
Visibility of "username"
I know this has been discussed before :-), but I really do think that "username" should be visible by default in the "add" form. Here's why:

Storing username and password is the common case: In the database of my private password manager, there are 128 "passwords". However, 123 of those are actually "username + password". Only 5 items are just a password and no username. In our company's database, there are about 4000 passwords and only 19 of those lack a username.

If "username" is hidden, it's likely to confuse users.

The username is already visible in search results.

What do you think?
opened by vain 2

Creating secrets via API broken

On a fresh install on Ubuntu 14.04, this happens when trying to create a secret via "/api/secrets" and the following JSON:

{
    "access_policy": "any",
    "allowed_users": ["bob"],
    "description": "apitest",
    "name": "apitest",
    "needs_changing_on_leave": true,
    "password": "test",
    "url": "http://www.heise.de"
}

Error:

[2015-04-20 16:02:23,804] ERROR base: Internal Server Error: /api/secrets/
Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
psycopg2.IntegrityError: duplicate key value violates unique constraint "secrets_secret_pkey"
DETAIL:  Key (id)=(1) already exists.


The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.4/dist-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/rest_framework/views.py", line 452, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.4/dist-packages/rest_framework/views.py", line 449, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/rest_framework/generics.py", line 244, in post
    return self.create(request, *args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/rest_framework/mixins.py", line 20, in create
    self.perform_create(serializer)
  File "/srv/teamvault/src/teamvault/apps/secrets/api.py", line 387, in perform_create
    instance = serializer.save()
  File "/usr/local/lib/python3.4/dist-packages/rest_framework/serializers.py", line 165, in save
    self.instance = self.create(validated_data)
  File "/srv/teamvault/src/teamvault/apps/secrets/api.py", line 267, in create
    instance = self.Meta.model.objects.create(**validated_data)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/manager.py", line 127, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/query.py", line 348, in create
    obj.save(force_insert=True, using=self.db)
  File "/srv/teamvault/src/teamvault/apps/secrets/models.py", line 56, in save
    return super(HashIDModel, self).save(*args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/base.py", line 710, in save
    force_update=force_update, update_fields=update_fields)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/base.py", line 738, in save_base
    updated = self._save_table(raw, cls, force_insert, force_update, using, update_fields)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/base.py", line 822, in _save_table
    result = self._do_insert(cls._base_manager, using, fields, update_pk, raw)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/base.py", line 861, in _do_insert
    using=using, raw=raw)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/manager.py", line 127, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/query.py", line 920, in _insert
    return query.get_compiler(using=using).execute_sql(return_id)
  File "/usr/local/lib/python3.4/dist-packages/django/db/models/sql/compiler.py", line 963, in execute_sql
    cursor.execute(sql, params)
  File "/usr/local/lib/python3.4/dist-packages/django/db/backends/utils.py", line 79, in execute
    return super(CursorDebugWrapper, self).execute(sql, params)
  File "/usr/local/lib/python3.4/dist-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
  File "/usr/local/lib/python3.4/dist-packages/django/db/utils.py", line 97, in __exit__
    six.reraise(dj_exc_type, dj_exc_value, traceback)
  File "/usr/local/lib/python3.4/dist-packages/django/utils/six.py", line 658, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.4/dist-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
django.db.utils.IntegrityError: duplicate key value violates unique constraint "secrets_secret_pkey"
DETAIL:  Key (id)=(1) already exists.

Note that creating secrets using the web interfaces works fine.

opened by vain 2

start or accept Access request with umlaut in name
seems, the send_mail function tries to handle the name as ascii.

The string that could not be encoded/decoded was: enmenü FGT

Traceback: File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py" in get_response

response = wrapped_callback(request, _callback_args, *_callback_kwargs)
File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/decorators.py" in _wrapped_view

return view_func(request, _args, *_kwargs)
File "/usr/local/lib/python3.4/dist-packages/teamvault/apps/secrets/views.py" in access_request_create

access_request.assign_reviewers()
File "/usr/local/lib/python3.4/dist-packages/teamvault/apps/secrets/models.py" in assign_reviewers

user_from=self.requester,
File "/usr/local/lib/python3.4/dist-packages/teamvault/utils.py" in send_mail

msg.send()
File "/usr/local/lib/python3.4/dist-packages/django/core/mail/message.py" in send

return self.get_connection(fail_silently).send_messages([self])
File "/usr/local/lib/python3.4/dist-packages/django/core/mail/backends/console.py" in send_messages

self.write_message(message)
File "/usr/local/lib/python3.4/dist-packages/django/core/mail/backends/console.py" in write_message

self.stream.write('%s\n' % msg_data)

Exception Type: UnicodeEncodeError at /secrets/mAMyym/request_access Exception Value: 'ascii' codec can't encode character '\xfc' in position 565: ordinal not in range(128)
opened by tpenndorf 2
Bump certifi from 2021.5.30 to 2022.12.7
Bumps certifi from 2021.5.30 to 2022.12.7.

Commits

9e9e840 2022.12.07

b81bdb2 2022.09.24

939a28f 2022.09.14

aca828a 2022.06.15.2

de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...

b8eb5e9 2022.06.15.1

47fb7ab Fix deprecation warning on Python 3.11 (#199)

b0b48e0 fixes #198 -- update link in license

9d514b4 2022.06.15

4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump oauthlib from 3.1.1 to 3.2.1
Bumps oauthlib from 3.1.1 to 3.2.1.

Release notes

Sourced from oauthlib's releases.

3.2.1

In short

OAuth2.0 Provider:

#803 : Metadata endpoint support of non-HTTPS

CVE-2022-36087

OAuth1.0:

#818 : Allow IPv6 being parsed by signature

General:

Improved and fixed documentation warnings.

Cosmetic changes based on isort

What's Changed

add missing slots to TokenBase by @ariebovenberg in oauthlib/oauthlib#804

Add CORS support for Refresh Token Grant. by @luhn in oauthlib/oauthlib#806

GitHub Action to lint Python code by @cclauss in oauthlib/oauthlib#797

Docs: fix Sphinx warnings for better ReadTheDocs generation by @JonathanHuot in oauthlib/oauthlib#807

Allow non-HTTPS issuer when OAUTHLIB_INSECURE_TRANSPORT. by @luhn in oauthlib/oauthlib#803

chore: fix typo in test by @tamanobi in oauthlib/oauthlib#816

Fix typo in server.rst by @NemanjaT in oauthlib/oauthlib#819

Fixed isort imports by @dasm in oauthlib/oauthlib#820

docs: Fix a few typos by @timgates42 in oauthlib/oauthlib#822

docs: fix typos by @kianmeng in oauthlib/oauthlib#823

New Contributors

@ariebovenberg made their first contribution in oauthlib/oauthlib#804

@tamanobi made their first contribution in oauthlib/oauthlib#816

@NemanjaT made their first contribution in oauthlib/oauthlib#819

@kianmeng made their first contribution in oauthlib/oauthlib#823

Full Changelog: https://github.com/oauthlib/oauthlib/compare/v3.2.0...v3.2.1

3.2.0

Changelog

OAuth2.0 Client:

#795: Add Device Authorization Flow for Web Application

#786: Add PKCE support for Client

#783: Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:

#790: Add support for CORS to metadata endpoint.

#791: Add support for CORS to token endpoint.

#787: Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:

#755: Call save_token in Hybrid code flow

#751: OIDC add support of refreshing ID Tokens with refresh_id_token

#751: The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request).

... (truncated)

Changelog

Sourced from oauthlib's changelog.

3.2.1 (2022-09-09)

OAuth2.0 Provider:

#803: Metadata endpoint support of non-HTTPS

CVE-2022-36087

OAuth1.0:

#818: Allow IPv6 being parsed by signature

General:

Improved and fixed documentation warnings.

Cosmetic changes based on isort

3.2.0 (2022-01-29)

OAuth2.0 Client:

#795: Add Device Authorization Flow for Web Application

#786: Add PKCE support for Client

#783: Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:

#790: Add support for CORS to metadata endpoint.

#791: Add support for CORS to token endpoint.

#787: Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:

#755: Call save_token in Hybrid code flow

#751: OIDC add support of refreshing ID Tokens with refresh_id_token

#751: The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request).

General:

Added Python 3.9, 3.10, 3.11

Improve Travis & Coverage

Commits

88bb156 Updated date and authors

1a45d97 Prepare 3.2.1 release

0adbbe1 docs: fix typos

6569ec3 docs: Fix a few typos

bdc486e Fixed isort imports

7db45bd Fix typo in server.rst

b14ad85 chore: s/bode_code_verifier/body_code_verifier/g

b123283 Allow non-HTTPS issuer when OAUTHLIB_INSECURE_TRANSPORT. (#803)

2f887b5 Docs: fix Sphinx warnings for better ReadTheDocs generation (#807)

d4bafd9 Merge pull request #797 from cclauss/patch-2

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump django from 3.2.6 to 3.2.15
Bumps django from 3.2.6 to 3.2.15.

Commits

653a7bd [3.2.x] Bumped version for 3.2.15 release.

b3e4494 [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.

cb7fbac [3.2.x] Fixed collation tests on MySQL 8.0.30+.

840d009 [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+.

a5eba20 Adjusted release notes for 3.2.15.

ad104fb [3.2.x] Added stub release notes for 3.2.15 release.

22916c8 [3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with MyISAM...

e1cfbe5 [3.2.x] Added CVE-2022-34265 to security archive.

605cf0d [3.2.x] Post-release version bump.

746e88c [3.2.x] Bumped version for 3.2.14 release.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Bump pyjwt from 2.1.0 to 2.4.0

Bumps pyjwt from 2.1.0 to 2.4.0.

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

[CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

What's Changed

Add support for Python 3.10 by @hugovk in jpadilla/pyjwt#699

Don't use implicit optionals by @rekyungmin in jpadilla/pyjwt#705

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#708

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#710

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#711

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#712

documentation fix: show correct scope for decode_complete() by @sseering in jpadilla/pyjwt#661

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#716

Explicit check the key for ECAlgorithm by @estin in jpadilla/pyjwt#713

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#720

api_jwk: Add PyJWKSet.getitem by @woodruffw in jpadilla/pyjwt#725

Update usage.rst by @guneybilen in jpadilla/pyjwt#727

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#728

fix: Update copyright information by @kkirsche in jpadilla/pyjwt#729

Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in jpadilla/pyjwt#734

Fixed typo in usage.rst by @israelabraham in jpadilla/pyjwt#738

Add detached payload support for JWS encoding and decoding by @fviard in jpadilla/pyjwt#723

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#740

Raise DeprecationWarning for jwt.decode(verify=...) by @akx in jpadilla/pyjwt#742

Don't mutate options dictionary in .decode_complete() by @akx in jpadilla/pyjwt#743

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#748

Replace various string interpolations with f-strings by @akx in jpadilla/pyjwt#744

Update CHANGELOG.rst by @hipertracker in jpadilla/pyjwt#751

New Contributors

@hugovk made their first contribution in jpadilla/pyjwt#699

@rekyungmin made their first contribution in jpadilla/pyjwt#705

@sseering made their first contribution in jpadilla/pyjwt#661

@estin made their first contribution in jpadilla/pyjwt#713

@woodruffw made their first contribution in jpadilla/pyjwt#725

@guneybilen made their first contribution in jpadilla/pyjwt#727

@dmahr1 made their first contribution in jpadilla/pyjwt#734

@israelabraham made their first contribution in jpadilla/pyjwt#738

@fviard made their first contribution in jpadilla/pyjwt#723

@akx made their first contribution in jpadilla/pyjwt#742

@hipertracker made their first contribution in jpadilla/pyjwt#751

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

2.3.0

What's Changed

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#700

Add exception chaining by @ehdgua01 in jpadilla/pyjwt#702

Revert "Remove arbitrary kwargs." by @auvipy in jpadilla/pyjwt#701

... (truncated)

Changelog

Sourced from pyjwt's changelog.

`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>`__

Security


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed

- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
Fixed

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added


Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__
Fixed

- Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__

Added


Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__

v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__
&lt;/tr&gt;&lt;/table&gt;
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.1.0...2.4.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.


		                                  
		                                    dependencies


	                                 
										opened  by dependabot[bot]  0


	                        
	                           
	                              
	                                 
	                                 
	                                 
	                              
	                              
	                                 
	                                    
	                                    Bump python-ldap from 3.3.1 to 3.4.0
	                                    
	                                 
	                                  
	                                 
	                                   
		                                   Bumps python-ldap from 3.3.1 to 3.4.0.

Release notes
Sourced from python-ldap's releases.

3.4.0
This release requires Python 3.6 or above,
and is tested with Python 3.6 to 3.10.
Python 2 is no longer supported.
New code in the python-ldap project is available under the MIT licence
(available in LICENCE.MIT in the source). Several contributors have agreed
to apply this licence their previous contributions as well.
See the README for details.
The following undocumented functions are deprecated and scheduled for removal:

ldap.cidict.strlist_intersection
ldap.cidict.strlist_minus
ldap.cidict.strlist_union

Security fixes:

Fix inefficient regular expression which allows denial-of-service attacks
when parsing specially-crafted LDAP schema.
(GHSL-2021-117)

Changes:

On MacOS, remove option to make LDAP connections from a file descriptor
when built with the system libldap (which lacks the underlying function,
ldap_init_fd)
Attribute values of the post read control are now bytes
instead of ISO8859-1 decoded str
LDAPUrl now treats urlscheme as case-insensitive
Several OpenLDAP options are now supported:

OPT_X_TLS_REQUIRE_SAN
OPT_X_SASL_SSF_EXTERNAL
OPT_X_TLS_PEERCERT



Fixes:

The copy() method of cidict was added back. It was unintentionally
removed in 3.3.0
Fixed getting/setting SASL options on big endian platforms
Unknown LDAP result code are now converted to LDAPexception,
rather than raising a SystemError.

slapdtest:

Show stderr of slapd -Ttest
SlapdObject uses directory-based configuration of slapd
SlapdObject startup is now faster

Infrastructure:

CI now runs on GitHub Actions rather than Travis CI.




Commits

See full diff in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.


		                                  
		                                    dependencies 
	                                    
	                                 
	                                 
										opened  by dependabot[bot]  0
									
	                              
	                           
	                        
	                        
	                           
	                              
	                                 
	                                 
	                                 
	                              
	                              
	                                 
	                                    
	                                    Bump sqlparse from 0.4.1 to 0.4.2
	                                    
	                                 
	                                  
	                                 
	                                   
		                                   Bumps sqlparse from 0.4.1 to 0.4.2.

Changelog
Sourced from sqlparse's changelog.

Release 0.4.2 (Sep 10, 2021)
Notable Changes

IMPORTANT: This release fixes a security vulnerability in the
strip comments filter. In this filter a regular expression that was
vulnerable to ReDOS (Regular Expression Denial of Service) was
used. See the security advisory for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
The vulnerability was discovered by @erik-krogh and @yoff from
GitHub Security Lab (GHSL). Thanks for reporting!

Enhancements

Add ELSIF as keyword (issue584).
Add CONFLICT and ON_ERROR_STOP keywords (pr595, by j-martin).

Bug Fixes

Fix parsing of backticks (issue588).
Fix parsing of scientific number (issue399).




Commits

b1f76f6 Update changelog.
3eec44e Update Changelog and bump version.
8238a9e Optimize regular expression for identifying line breaks in comments.
e660467 Fix parsing of scientific numbers (fixes #399).
23d2993 Update authors and changelog.
acc2810 keyword, add ON_ERROR_STOP
282bcf1 keyword, add CONFLICT to postgres keywords
63885dd Add ELSIF as keyword (fixes #584).
e575ae2 Fix parsing of backticks (fixes #588).
fe39072 Switch back to development mode.
Additional commits viewable in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.


		                                  
		                                    dependencies 
	                                    
	                                 
	                                 
										opened  by dependabot[bot]  0


				
	                 
	                 	  Releases(0.9.2)
	                      
		                  
		                     
		                        
		                           
		                              
		                              
		                                 
		                                     
		                                    0.9.2(Oct 14, 2022)
		                                     
		                                 
		                                  
		                                 
		                                   
			                                   
			                                  
			                                    Source code(tar.gz)
Source code(zip)

		                                    
		                                 
		                                
		                              
		                           
		                        
		                        
		                           
		                              
		                              
		                                 
		                                     
		                                    0.5.0(Oct 24, 2015)
		                                     
		                                 
		                                  
		                                 
		                                   
			                                   
added rudimentary password generator and strength meter
added 404 error pages
added secret restoration for admins
fixed revealing credit card secrets
fixed display of deleted secrets


			                                  
			                                    Source code(tar.gz)
Source code(zip)

		                                    
		                                 
		                                
		                              
		                           
		                        
		                        
		                           
		                              
		                              
		                                 
		                                     
		                                    0.4.1(Apr 15, 2015)
		                                     
		                                 
		                                  
		                                 
		                                   
			                                   
fixed missing email templates in distribution
fixed Python 3 tag on wheel distribution
fixed exceptions not being logged
fixed exception when closing access request as non-reviewer


			                                  
			                                    Source code(tar.gz)
Source code(zip)

		                                    
		                                 
		                                
		                              
		                           
		                        
		                        
		                           
		                              
		                              
		                                 
		                                     
		                                    0.4.0(Apr 6, 2015)
		                                     
		                                 
		                                  
		                                 
		                                   
			                                   
changed URLs to use hashids
added substring search for filename, URL, and username
added notification emails for access requests
fixed display of allowed users/group in secret detail view


			                                  
			                                    Source code(tar.gz)
Source code(zip)

		                                    
		                                 
		                                
		                              
		                           
		                        
		                        
		                           
		                              
		                              
		                                 
		                                     
		                                    0.3.0(Feb 5, 2015)
		                                     
		                                 
		                                  
		                                 
		                                   
			                                   
added full text search
added search API
improved secret list display
added pagination for secret lists
relaxed URL validation even further


			                                  
			                                    Source code(tar.gz)
Source code(zip)

		                                    
		                                 
		                                
		                              
		                           
		                        
		                        
		                           
		                              
		                              
		                                 
		                                     
		                                    0.2.0(Jan 11, 2015)
		                                     
		                                 
		                                  
		                                 
		                                   
			                                   
added file secrets
added credit card secrets
added logging to syslog
added teamvault plumbing command
fixed login with some WebKit-based browsers


			                                  
			                                    Source code(tar.gz)
Source code(zip)

		                                    
		                                 
		                                
		                              
		                           
		                        
		                        
		                           
		                              
		                              
		                                 
		                                     
		                                    0.1.0(Jan 11, 2015)
		                                     
		                                 
		                                  
		                                 
		                                   
			                                   
first public release


			                                  
			                                    Source code(tar.gz)
Source code(zip)

Keep your company's passwords behind the firewall

Related tags

Overview

TeamVault

Installation

Update

Development

Comments

3.2.1

In short

What's Changed

New Contributors

3.2.0

Changelog

3.2.1 (2022-09-09)

3.2.0 (2022-01-29)

2.4.0

Security

What's Changed

New Contributors

2.3.0

What's Changed

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__

v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__

3.4.0

Release 0.4.2 (Sep 10, 2021)

Releases(0.9.2)

0.9.2(Oct 14, 2022)

0.5.0(Oct 24, 2015)

0.4.1(Apr 15, 2015)

0.4.0(Apr 6, 2015)

0.3.0(Feb 5, 2015)

0.2.0(Jan 11, 2015)

0.1.0(Jan 11, 2015)

Owner

//SEIBERT/MEDIA GmbH

The code behind sqlfmt.com, a web UI for sqlfmt

Expense Tracker is a very good tool to keep track of your expenseditures and the total money you saved.

A 100% python file organizer. Keep your computer always organized!

A Puzzle A Day Keep the Work Away

Repls goes to sleep due to inactivity, but to keep it awake, simply host a webserver and ping it.

A water drinking notification every hour to keep you healthy while coding :)

ToDo - A simple bot to keep track of things you need to do

Feature engineering library that helps you keep track of feature dependencies, documentation and schema

A simple way to read and write LAPS passwords from linux.

A password genarator/manager for passwords uesing a pseudorandom number genarator

Password-Manager - A Password Manager application made using Python. You can use this python application to store and to see the stored passwords

Purge your likes and wall comments from VKontakte. Set yourself free from your digital footprint.

switching computer? changing your setup? You need to automate the download of your current setup? This is the right tool for you :incoming_envelope:

🗽 Like yarn outdated/upgrade, but for pip. Upgrade all your pip packages and automate your Python Dependency Management.

A python tool that creates issues in your repos based on TODO comments in your code

Add your recently blog and douban states in your GitHub Profile

edgetest is a tox-inspired python library that will loop through your project's dependencies, and check if your project is compatible with the latest version of each dependency

An app that mirrors your phone to your compute and maps controller input to the screen

An assistant to guess your pip dependencies from your code, without using a requirements file.

`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>`__

`v2.3.0 <https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0>`__

`v2.2.0 <https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0>`__