Draft Releases Pre-Review #1

alanbato · 2020-10-01T22:51:05Z

Working on a full description of the problem we're trying to solve and how this PR approaches a solution to said problem.

brainwane · 2020-12-03T17:11:05Z

@alanbato it seems to me it would be better for you to go ahead and make this a pull request against master on the main PyPA Warehouse repository, so more people can share their feedback. Thank you!

alanbato · 2020-12-06T22:27:31Z

Will do!

brainwane · 2020-12-18T17:24:10Z

Checking on this @alanbato :-)

alanbato · 2020-12-19T02:50:50Z

Finally got around to finish the write-up! So here it is: pypi#8941

Bumps [google-resumable-media](https://github.com/googleapis/google-resumable-media-python) from 2.0.3 to 2.1.0. - [Release notes](https://github.com/googleapis/google-resumable-media-python/releases) - [Changelog](https://github.com/googleapis/google-resumable-media-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-resumable-media-python@v2.0.3...v2.1.0) --- updated-dependencies: - dependency-name: google-resumable-media dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [tomli](https://github.com/hukkin/tomli) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/hukkin/tomli/releases) - [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md) - [Commits](hukkin/tomli@1.2.1...1.2.2) --- updated-dependencies: - dependency-name: tomli dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [factory-boy](https://github.com/FactoryBoy/factory_boy) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/FactoryBoy/factory_boy/releases) - [Changelog](https://github.com/FactoryBoy/factory_boy/blob/3.2.1/docs/changelog.rst) - [Commits](FactoryBoy/factory_boy@3.2.0...3.2.1) --- updated-dependencies: - dependency-name: factory-boy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Bump pyramid-multiauth from 1.0.0 to 1.0.1 Bumps [pyramid-multiauth](https://github.com/mozilla-services/pyramid_multiauth) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/mozilla-services/pyramid_multiauth/releases) - [Changelog](https://github.com/mozilla-services/pyramid_multiauth/blob/master/CHANGES.txt) - [Commits](mozilla-services/pyramid_multiauth@1.0.0...1.0.1) --- updated-dependencies: - dependency-name: pyramid-multiauth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Use dash instead of underscore Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 3.19.0 to 3.19.1. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/master/generate_changelog.py) - [Commits](protocolbuffers/protobuf@v3.19.0...v3.19.1) --- updated-dependencies: - dependency-name: protobuf dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [importlib-resources](https://github.com/python/importlib_resources) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/python/importlib_resources/releases) - [Changelog](https://github.com/python/importlib_resources/blob/main/CHANGES.rst) - [Commits](python/importlib_resources@v5.3.0...v5.4.0) --- updated-dependencies: - dependency-name: importlib-resources dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [black](https://github.com/psf/black) from 21.9b0 to 21.10b0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/commits) --- updated-dependencies: - dependency-name: black dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [packaging](https://github.com/pypa/packaging) from 21.0 to 21.2. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@21.0...21.2) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.3.0 to 2.3.3. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.3.0...v2.3.3) --- updated-dependencies: - dependency-name: google-auth dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [lxml](https://github.com/lxml/lxml) from 4.6.3 to 4.6.4. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-4.6.3...lxml-4.6.4) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [py](https://github.com/pytest-dev/py) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/pytest-dev/py/releases) - [Changelog](https://github.com/pytest-dev/py/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/py@1.10.0...1.11.0) --- updated-dependencies: - dependency-name: py dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [pbr](https://docs.openstack.org/pbr/latest/) from 5.6.0 to 5.7.0. --- updated-dependencies: - dependency-name: pbr dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [google-cloud-bigquery](https://github.com/googleapis/python-bigquery) from 2.28.1 to 2.30.1. - [Release notes](https://github.com/googleapis/python-bigquery/releases) - [Changelog](https://github.com/googleapis/python-bigquery/blob/main/CHANGELOG.md) - [Commits](googleapis/python-bigquery@v2.28.1...v2.30.1) --- updated-dependencies: - dependency-name: google-cloud-bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [pycparser](https://github.com/eliben/pycparser) from 2.20 to 2.21. - [Release notes](https://github.com/eliben/pycparser/releases) - [Changelog](https://github.com/eliben/pycparser/blob/master/CHANGES) - [Commits](eliben/pycparser@release_v2.20...release_v2.21) --- updated-dependencies: - dependency-name: pycparser dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [botocore](https://github.com/boto/botocore) from 1.22.0 to 1.22.12. - [Release notes](https://github.com/boto/botocore/releases) - [Changelog](https://github.com/boto/botocore/blob/develop/CHANGELOG.rst) - [Commits](boto/botocore@1.22.0...1.22.12) --- updated-dependencies: - dependency-name: botocore dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [isort](https://github.com/pycqa/isort) from 5.9.3 to 5.10.1. - [Release notes](https://github.com/pycqa/isort/releases) - [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md) - [Commits](PyCQA/isort@5.9.3...5.10.1) --- updated-dependencies: - dependency-name: isort dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Follows on from pypi#9979 - Updates CSP for connect-src used for placement view reporting - Tweaks CSS to better style/differentiate logo placement

Bumps [trove-classifiers](https://github.com/pypa/trove-classifiers) from 2021.10.20 to 2021.11.17. - [Release notes](https://github.com/pypa/trove-classifiers/releases) - [Commits](https://github.com/pypa/trove-classifiers/commits) --- updated-dependencies: - dependency-name: trove-classifiers dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Until all `make` targets are built in containers, a new contributor will stumble on this error and there's nothing in the docs that tell you what you need. Refs: pypi#4948 Signed-off-by: Mike Fiedler <miketheman@gmail.com>

* [WIP] initial renamings and migration * migrations: bump revision * Revert "migrations: bump revision" This reverts commit 38035bd. * tests, warehouse: update tests * migrations: rename instead of drop/add

* Add the missing index for the events tables * Bring project_events foreign key inline with other tables

* Remove 'add another token' form from token creation page * Update translations

The `bin/static_lint` step of `make lint` was throwing an error: + export LC_ALL=en_US.UTF-8 + LC_ALL=en_US.UTF-8 + export LANG=en_US.UTF-8 + LANG=en_US.UTF-8 + ./node_modules/.bin/eslint 'warehouse/static/js/**' '**.js' 'tests/frontend/**' --ignore-pattern 'warehouse/static/js/vendor/**' bin/static_lint: line 12: ./node_modules/.bin/eslint: No such file or directory make: *** [lint] Error 1 Fixed by running `bin/static_lint` in the `static` Docker container.

* Focus 2FA TOTP field * i18n Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Bump cryptography from 36.0.2 to 37.0.0 Bumps [cryptography](https://github.com/pyca/cryptography) from 36.0.2 to 37.0.0. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@36.0.2...37.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump botocore-stubs from 1.24.38 to 1.25.1 Bumps [botocore-stubs](https://github.com/youtype/mypy_boto3_builder) from 1.24.38 to 1.25.1. - [Release notes](https://github.com/youtype/mypy_boto3_builder/releases) - [Commits](https://github.com/youtype/mypy_boto3_builder/commits) --- updated-dependencies: - dependency-name: botocore-stubs dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump boto3-stubs from 1.21.38 to 1.22.1 Bumps [boto3-stubs](https://github.com/youtype/mypy_boto3_builder) from 1.21.38 to 1.22.1. - [Release notes](https://github.com/youtype/mypy_boto3_builder/releases) - [Commits](https://github.com/youtype/mypy_boto3_builder/commits) --- updated-dependencies: - dependency-name: boto3-stubs dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump sqlalchemy[asyncio] from 1.4.35 to 1.4.36 Bumps [sqlalchemy[asyncio]](https://github.com/sqlalchemy/sqlalchemy) from 1.4.35 to 1.4.36. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[asyncio] dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump boto3 from 1.21.38 to 1.22.1 Bumps [boto3](https://github.com/boto/boto3) from 1.21.38 to 1.22.1. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.21.38...1.22.1) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump limits from 2.4.0 to 2.6.1 Bumps [limits](https://github.com/alisaifee/limits) from 2.4.0 to 2.6.1. - [Release notes](https://github.com/alisaifee/limits/releases) - [Changelog](https://github.com/alisaifee/limits/blob/master/HISTORY.rst) - [Commits](alisaifee/limits@2.4.0...2.6.1) --- updated-dependencies: - dependency-name: limits dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-redis from 4.1.19 to 4.2.0 Bumps [types-redis](https://github.com/python/typeshed) from 4.1.19 to 4.2.0. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pytest from 7.1.1 to 7.1.2 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.1 to 7.1.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.1.1...7.1.2) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pygments from 2.11.2 to 2.12.0 Bumps [pygments](https://github.com/pygments/pygments) from 2.11.2 to 2.12.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](pygments/pygments@2.11.2...2.12.0) --- updated-dependencies: - dependency-name: pygments dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump faker from 13.3.4 to 13.4.0 Bumps [faker](https://github.com/joke2k/faker) from 13.3.4 to 13.4.0. - [Release notes](https://github.com/joke2k/faker/releases) - [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.md) - [Commits](joke2k/faker@v13.3.4...v13.4.0) --- updated-dependencies: - dependency-name: faker dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump protobuf from 3.20.0 to 3.20.1 Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 3.20.0 to 3.20.1. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py) - [Commits](protocolbuffers/protobuf@v3.20.0...v3.20.1) --- updated-dependencies: - dependency-name: protobuf dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump google-auth from 2.6.3 to 2.6.6 Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.6.3 to 2.6.6. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.6.3...v2.6.6) --- updated-dependencies: - dependency-name: google-auth dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-psycopg2 from 2.9.10 to 2.9.13 Bumps [types-psycopg2](https://github.com/python/typeshed) from 2.9.10 to 2.9.13. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-psycopg2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump babel from 2.9.1 to 2.10.1 Bumps [babel](https://github.com/python-babel/babel) from 2.9.1 to 2.10.1. - [Release notes](https://github.com/python-babel/babel/releases) - [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst) - [Commits](python-babel/babel@v2.9.1...v2.10.1) --- updated-dependencies: - dependency-name: babel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-requests from 2.27.16 to 2.27.20 Bumps [types-requests](https://github.com/python/typeshed) from 2.27.16 to 2.27.20. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump readme-renderer[md] from 34.0 to 35.0 Bumps [readme-renderer[md]](https://github.com/pypa/readme_renderer) from 34.0 to 35.0. - [Release notes](https://github.com/pypa/readme_renderer/releases) - [Changelog](https://github.com/pypa/readme_renderer/blob/main/CHANGES.rst) - [Commits](pypa/readme_renderer@34.0...35.0) --- updated-dependencies: - dependency-name: readme-renderer[md] dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-setuptools from 57.4.12 to 57.4.14 Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.12 to 57.4.14. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-html5lib from 1.1.6 to 1.1.7 Bumps [types-html5lib](https://github.com/python/typeshed) from 1.1.6 to 1.1.7. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-html5lib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-python-slugify from 5.0.3 to 5.0.4 Bumps [types-python-slugify](https://github.com/python/typeshed) from 5.0.3 to 5.0.4. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-python-slugify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-urllib3 from 1.26.11 to 1.26.13 Bumps [types-urllib3](https://github.com/python/typeshed) from 1.26.11 to 1.26.13. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-urllib3 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump amqp from 5.1.0 to 5.1.1 Bumps [amqp](https://github.com/celery/py-amqp) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/celery/py-amqp/releases) - [Changelog](https://github.com/celery/py-amqp/blob/master/Changelog) - [Commits](celery/py-amqp@v5.1.0...v5.1.1) --- updated-dependencies: - dependency-name: amqp dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump platformdirs from 2.5.1 to 2.5.2 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 2.5.1 to 2.5.2. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@2.5.1...2.5.2) --- updated-dependencies: - dependency-name: platformdirs dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump sentry-sdk from 1.5.9 to 1.5.10 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.9 to 1.5.10. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@1.5.9...1.5.10) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump soupsieve from 2.3.2 to 2.3.2.post1 Bumps [soupsieve](https://github.com/facelessuser/soupsieve) from 2.3.2 to 2.3.2.post1. - [Release notes](https://github.com/facelessuser/soupsieve/releases) - [Commits](facelessuser/soupsieve@2.3.2...2.3.2.post1) --- updated-dependencies: - dependency-name: soupsieve dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump google-cloud-storage from 2.2.1 to 2.3.0 Bumps [google-cloud-storage](https://github.com/googleapis/python-storage) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/googleapis/python-storage/releases) - [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md) - [Commits](googleapis/python-storage@v2.2.1...v2.3.0) --- updated-dependencies: - dependency-name: google-cloud-storage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…cified in the pkginfo twice (in the Home-page or Download-URL field and again in one of the Project-URL fields). closes pypi#11220 (pypi#11273)

Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.0 to 37.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@37.0.0...37.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* tests, warehouse: validate job_workflow_ref Add a bunch of counterexample tests to be certain. * oidc/models: wrap `re.match` to make mypy happy * tests/oidc: update * warehouse, tests: fix `job_workflow_ref` regex * tests, warehouse: refactor `job_workflow_ref` again * warehouse, tests: refactor `job_workflow_ref` verification again Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

@ewdurbin

* admin-new-organization-approved email template * admin-new-organization-declined email template * new-organization-approved email template * new-organization-declined email template * Remove translations from admin-* emails Realized that translations for admin-* emails don't really make sense. Similar to commit bec7058. * Test *new-organization-{approved,declined} emails - admin-new-organization-approved - admin-new-organization-declined - new-organization-approved - new-organization-declined * Mockup of approve organization form for admin * Add message textarea to approve organization form * Add more context to approve organization form * Rename view admin.organization.{approve => detail} * Implement GET approve organization form * Revamp UX for approve organization form As @ewdurbin pointed out, the approve organziation form in the admin interface should use the same design as the rest of the admin interface: - Changed style to AdminLTE theme. - Moved *Approve* or *Decline* dialog to *Actions* box. - Added confirmation modals for *Approve* or *Decline*. - Added *type orgnization name to confirm* to confirmation modals. The *Actions* box and confirmation modals follow the same patterns used in the user detail admin page. * Implement POST approve organization form * Get requesting user for approve organization form Used Organization.events relationship per @sterbo's suggestion. * Handle status in approve organization form - Add "Approval Status" to "Organization Request" details - Allow admin to change approval decision - Disable "Approve" button if already approved - Disable "Decline" button if already declined * Store id instead of username in new events `Organization.Event` with tag: - organization.approve - organization.decline * GET /admin/organizations/ to list organizations * Add "Organizations" to admin sidebar Show only if `AdminFlagValue.DISABLE_ORGANIZATIONS` is unchecked. * Test GET /admin/organizations/ * NFC: Rename tests *_{disallow => disable}_organizations * "Organizations" admin 404 if disable-organizations 404 Not Found for "Organizations" admin if `disable-organizations` admin flag is checked. * NFC: `organization_*` prefix for admin org views * GET /admin/organizations/?q=... faceted search * GET /admin/organizations?q=... improved search UI * Update tests for GET /admin/organizations/ * Link breadcrumb to GET /admin/organizations/ * Fix flaky tests for /admin/organizations/ - Avoid unstable sort using `.normalized_name.lower()` as key - Avoid unreliable comparison of `paginate.Page` and `list` Co-authored-by: Ee Durbin <ewdurbin@gmail.com>

* warehouse: begin using security policies WIP. * Remove pyramid-multiauth, begin switching to security policies * migrations: remove incorrectly checked in migrations * warehouse: fix principals a little bit * warehouse: begin using real security policies Also fixes the weirdness with ACLs. * warehouse: port basic auth * warehouse: port macaroon policy, remove transition shim * utils/security_policy: fix principals Again. * warehouse: fix lint * tests/unit: rename-o-rama * Improve the readabililty of the overall diff * warehouse: refactor security policies Punt principal handling further down, remove the generic identity implementation, etc. etc. * macaroons/security_policy: remove redundant route check * accounts/security_policy: lint * Update warehouse/utils/security_policy.py Co-authored-by: Joachim Jablon <ewjoachim@gmail.com> * macaroons/security_policy: avoid a DB roundtrip * utils/security_policy: simplify principals, add comment * utils/security_policy: re-add id principal * warehouse: disambiguate user IDs inside the principal set * packaging/models: blacken * tests, warehouse: the long and winding road * tests/packaging: fix ACL tests * tests, warehouse: rewrite account security policy tests * macaroons: make the tests pass * tests: finish tests * warehouse: move session invalidation to session authn * tests, warehouse: update tests * utils/security_policy: authenticated_userid only works for user identities * tests: update utils/security_policy tests Co-authored-by: Dustin Ingram <di@users.noreply.github.com> Co-authored-by: Joachim Jablon <ewjoachim@gmail.com>

alanbato mentioned this pull request Nov 3, 2020

Draft release feature on main archive to allow testing a release before it goes live pypi/warehouse#726

Open

alanbato force-pushed the draft-releases branch from 052a648 to 04f3ea8 Compare December 12, 2020 21:55

alanbato force-pushed the draft-releases branch from 026736f to f61709a Compare March 15, 2021 21:23

alanbato force-pushed the draft-releases branch 3 times, most recently from f827a40 to 380accc Compare April 13, 2021 23:13

dependabot bot and others added 20 commits November 16, 2021 18:00

Tweaks for sponsor logo placements (pypi#10367)

7fe2f3d

Follows on from pypi#9979 - Updates CSP for connect-src used for placement view reporting - Tweaks CSS to better style/differentiate logo placement

Add transition from 'Bounced' to 'Delivered' (pypi#10378)

68aa0b9

docs: prepare the user that they need python 3.8 (pypi#10393)

597938c

Until all `make` targets are built in containers, a new contributor will stumble on this error and there's nothing in the docs that tell you what you need. Refs: pypi#4948 Signed-off-by: Mike Fiedler <miketheman@gmail.com>

woodruffw and others added 21 commits April 25, 2022 18:06

OIDC: More claims for GitHub's provider (pypi#11239)

7726113

* [WIP] initial renamings and migration * migrations: bump revision * Revert "migrations: bump revision" This reverts commit 38035bd. * tests, warehouse: update tests * migrations: rename instead of drop/add

Generic events: sync models & migrations (pypi#11254)

7adfd8e

* Add the missing index for the events tables * Bring project_events foreign key inline with other tables

Remove 'add another token' form from token creation page (pypi#11260)

7e85440

* Remove 'add another token' form from token creation page * Update translations

Focus 2FA TOTP field (pypi#9851)

cdb1f7a

* Focus 2FA TOTP field * i18n Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Fix erroneous migration originating from pypi#11184 (pypi#11271)

47d25b3

avoid duplicating homepage/download links in case the same url is spe…

aee1e8b

…cified in the pkginfo twice (in the Home-page or Download-URL field and again in one of the Project-URL fields). closes pypi#11220 (pypi#11273)

Draft Releases working

0a362e2

Draft Releases now uploadable by twine

6d65127

Fix security history tag display

15e79b8

Remove old migrations

56a8236

Pre-review ready

db1369d

Fix tests :)

9dc0a13

Fix tests, again :)

9294a52

Update translations file, remove backup migration

abc3e66

alanbato force-pushed the draft-releases branch from 380accc to abc3e66 Compare May 2, 2022 19:31

di and others added 8 commits May 2, 2022 20:08

Update translations

80058fe

Bring migration back to head

9b2ae55

Remove deprecated factory.fuzzy usage

d3c11f8

Remove duplicate version entry

283fc03

Add successful draft upload test

e3d6951

Fix successful draft upload test

a231b22

Fix lint

9eb26c2

Fix lint x2

f5dfa44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Draft Releases Pre-Review #1

Draft Releases Pre-Review #1

alanbato commented Oct 1, 2020

brainwane commented Dec 3, 2020

alanbato commented Dec 6, 2020

brainwane commented Dec 18, 2020

alanbato commented Dec 19, 2020

Draft Releases Pre-Review #1

Are you sure you want to change the base?

Draft Releases Pre-Review #1

Conversation

alanbato commented Oct 1, 2020

brainwane commented Dec 3, 2020

alanbato commented Dec 6, 2020

brainwane commented Dec 18, 2020

alanbato commented Dec 19, 2020