A generic JSON document store with sharing and synchronisation capabilities.

Overview
Comments
  • Add account validation capability to the accounts plugin

    Add account validation capability to the accounts plugin

    Fixes #1973

    Try it here: https://kinto.github.io/kinto-account-demo/

    • [x] Register a new account
    • [x] Send an email on account creation with a link to the activation form with the activation key
    • [x] Validate (activate) an account
    • [x] Reset a password
    • [x] Add documentation.
    • [x] Add tests.
    • [x] Add a changelog entry.
    • [x] If you changed the HTTP API, update the API_VERSION constant and add an API changelog entry in the docs
    • [x] If you added a new configuration setting, update the kinto.tpl file with it.
    • [x] Only load validate and reset-password endpoints if the email_validation feature is activated More info
    • [x] Update the capabilities to add a boolean info in the accounts feature rather than having multiple capabilities More info
    • [ ] Add a heartbeat that would try to connect to the SMTP service to validate that we can send emails, it would default to true in debug mode. See pyramld_mailer related discussion
    • [x] Move the mail sending to a listener/dedicated functions

    This is a work in progress, may I have some feedback on the current work before pushing forward with the reset password functionality and the documentation?

    Thanks!

    opened by magopian 35
  • Openid connect support (fixes #939)

    Openid connect support (fixes #939)

    Fixes #939

    • [x] Add docs
    • [x] Move to plugins folder
    • [x] Choose appropriate settings name
    • [x] Add tests
    • [x] Publish demo somewhere?
    • [x] Create issue for kinto-admin support
    • [ ] Add mention in Github tutorial ? ref #508
    • [x] Polish OpenAPI spec
    • [x] Reject scope that does not contain email if the configured userid_field is email
    • [ ] Implement the scope filtering as we did for kinto-fxa

    We could make this piece of code work with both Auth0 and Firefox Accounts \o/

    @rfk f?

    opened by leplatrem 27
  • [WIP] Optimize postgresql storage get all fixes 1507

    [WIP] Optimize postgresql storage get all fixes 1507

    Fixes #1507

    • [ ] Add documentation.
    • [x] Add tests.
    • [x] Add a changelog entry.
    • [x] Add your name in the contributors file.
    • [ ] If you changed the HTTP API, update the API_VERSION constant and add an API changelog entry in the docs
    • [ ] If you added a new configuration setting, update the kinto.tpl file with it.
    opened by peterbe 26
  • Add OpenAPI/Swagger spec (fixes #631)

    Add OpenAPI/Swagger spec (fixes #631)

    Fixes #631

    Features:

    Limitations:

    • No support for schema free fields.
      • Treated like extensions for code generators (may raise warnings on other utilities)
      • No filtering
      • No field selection
      • No validation on collection schema
    • No validation on OR required clauses (ex: provide data or permissions)
    • No validation for fields that are required on response, but not on request (ex: id doesn't show as a required field), doing so would result in two different object definitions for each object, which would add unnecessary complexity to the clients IMO)
    • Backoff headers

    Pending:

    • [x] Investigate memory usage on py27-raw TOX environment.
    • [x] Allow setting the spec on configuration.
    • [x] Allow plugins to register themselves to the spec.
    • [x] Use YAML instead of JSON.
    • [x] Allow other authentication methods. (may be defined as regular plugins)
    • [x] Add Custom Headers (If-Match/If-None-Match/Etag)
    • [x] Add utility tests
    • [x] Investigate ways to test for coverage (we test all operations with test_resources)
    • [x] Add more descriptions to the spec.
    • [x] Add batch validation tests
    • [x] Upgrade documentation.
    • [x] Add a changelog entry.
    • [x] Update the API changelog.

    r? @glasserc @Natim @leplatrem

    in progress 
    opened by gabisurita 22
  • Thoughts about a

    Thoughts about a "register to newsletter" plugin

    The idea is that sometimes a new record has to be created from a front-end, with the "admin" rights, but we obviously don't want the admin credentials to be available on the front-end.

    Such a case is when you want to allow a user to register to a newsletter on your website: if you create all the records with the same user, that same user can view the list of all the registered emails for the newsletter (even if the permissions don't include read : system.Everyone, as an owner it has the read permission).

    So this plugin would add an endpoint that would allow an anonymous POST to create a record as a different registered user, transferring the ownership.

    Example configuration:

    kinto.newsletter.bucket = myproject
    kinto.newsletter.collection = newsletter
    kinto.newsletter.owner = account:admin
    

    Example usage:

    echo '{"data": {"email": "[email protected]", "name": "test name"}}' | http POST https://kinto.server/v1/newsletter

    Propositions:

    • instead of adding a /newsletter root endpoint it could be a "leaf" endpoint like the kinto-attachment plugin does: http POST https://..../v1/buckets/foo/collections/bar/newsletter
    • this plugin could be more generic and be "create-for-owner" or "create-as-account", and you could be able to create a record and pass in the owner as metadata: echo '{"data": {...}, "owner": "account:admin"} | http POST .... In this case, we might want to discuss the security and configuration implications (provide a list of allowed owners? A list of allowed resources to create with a different owner?)

    As a heads up: the same "newsletter" use case could be fixed by having finer grained permissions (eg a "read-only" permission that would not give read access to the owner/creator).

    opened by magopian 18
  • Do we need to support get_all with a wildcard parent_id?

    Do we need to support get_all with a wildcard parent_id?

    While investigating #1507, @peterbe discovered that the DISTINCT doesn't really make sense unless you have a wildcard parent_id. He proved this to his own satisfaction by removing DISTINCT and observing that no tests break.

    Under what circumstances do we even have a wildcard parent_id? Unlike delete, where you might want to delete a thing and all its children, I couldn't think of a way to invoke this mechanism using the HTTP API. Indeed, there's a subtle bug in the current query and the fact that nobody has reported it makes me suspect that nobody ever actually uses it. Can we get rid of it?

    opened by glasserc 18
  • record:create permissions needs to access the schema.

    record:create permissions needs to access the schema.

    I had a quick chat with @enguerran who is planning to use Kinto with a similar use case than the formbuilder:

    • People can create collection with an associate schema in a bucket:
      • bucket_permissions: collection_create: Authenticated
      • collection_permissions: record:create: Authenticated

    The problem if you do that is that people that needs to create record in the collection cannot actually access the schema.

    However if you add the read permission on the collection, they can read the schema as well as all records in the collection (their and other's people onces.)

    The use case there is to have the admin to be able to read all records and users to be able to see only their own records for a given collection.

    We also want to be able to list the collection the user can administrate. It makes it impossible if we give the read permission on the collection.

    A quick fix would be to allow to read the schema or the collection data if we give the record:create permission.

    bug duplicate protocol 
    opened by Natim 18
  • Consistency on PUT with mandatory schema fields

    Consistency on PUT with mandatory schema fields

    While working on #790 I realize that there is something not clear in our specifications.

    Currently, if a resource has a mandatory field (eg. groups members), then we cannot do a PUT with just the permissions values. This is because a PUT can lead to a creation, and the members fields has to be provided.

    On other resources, which have no mandatory field, it is perfectly possible to only provide permissions.

    But, I believe we should make every resources behave the same way.

    For example, when we'll implement the edition of permissions in Kinto-admin, we don't want to have to pass the data if it was not changed.

    Two solutions:

    • Add a default value ([]) for the groups members attribute (my prefered one, trivial and not absurd)
    • Allow data to be omitted only when the PUT replaces an existing object (more complex to implement, but would work for any resource with mandatory fields)
    bug easy-pick protocol 
    opened by leplatrem 18
  • Move up to fstrings

    Move up to fstrings

    Fixes #1659

    For when it's necessary to drop support for older Python Versions.

    • [x] kinto/config/__init__.py
    • [x] kinto/schema_validation.py
    • [x] kinto/core/scripts.py
    • [x] kinto/core/openapi.py
    • [x] kinto/core/__init__.py
    • [x] kinto/core/utils.py
    • [x] kinto/core/cache/postgresql/__init__.py
    • [x] kinto/core/storage/memory.py
    • [x] kinto/core/storage/exceptions.py
    • [x] kinto/core/storage/postgresql/client.py
    • [x] kinto/core/storage/testing.py
    • [x] kinto/core/statsd.py
    • [x] kinto/core/initialization.py
    • [x] kinto/core/resource/model.py
    • [x] kinto/core/resource/schema.py
    • [x] kinto/core/permission/memory.py
    • [x] kinto/core/views/heartbeat.py
    • [x] kinto/core/views/errors.py
    • [x] kinto/core/views/batch.py
    • [x] kinto/core/testing.py
    • [x] kinto/plugins/quotas/scripts.py
    • [x] kinto/plugins/quotas/listener.py
    • [x] kinto/plugins/openid/__init__.py
    • [x] kinto/plugins/openid/views.py
    • [x] kinto/plugins/default_bucket/__init__.py
    • [x] kinto/plugins/history/listener.py
    • [x] kinto/authorization.py
    • [x] kinto/views/records.py
    • [x] kinto/core/authentication.py
    • [x] kinto/core/events.py
    • [x] kinto/core/storage/postgresql/__init__.py
    • [x] kinto/core/storage/postgresql/migrator.py
    • [x] kinto/core/errors.py
    • [x] kinto/core/resource/__init__.py
    • [x] kinto/core/resource/viewset.py
    • [x] kinto/core/permission/postgresql/__init__.py
    • [x] kinto/core/authorization.py
    • [x] kinto/plugins/accounts/scripts.py
    • [x] kinto/plugins/accounts/__init__.py
    • [x] kinto/plugins/accounts/views.py
    • [x] kinto/plugins/accounts/authentication.py
    • [x] kinto/views/permissions.py
    • [x] kinto/views/groups.py
    • [x] kinto/__main__.py

    Cleanup

    • [x] Add documentation.
    • [x] Add tests.
    • [x] Add a changelog entry.
    opened by DrFaustie 17
  • Performance of plural endpoint with millions of records

    Performance of plural endpoint with millions of records

    Reaching a plural endpoint with a million record should be super fast when using pagination (?_limit=10) or filtering. Apparently, it's not the case.

    I suspect https://github.com/Kinto/kinto/pull/1267 to be responsible for the regression.

    See https://github.com/mozilla-services/buildhub/issues/350 (840K records)

    For anyone interested in tackling this, here is a quick way to fill up a collection with fake records:

    $ psql -h localhost -U postgres -w
    
    
    DO
    $$
    BEGIN
        FOR i IN 1..100000 LOOP
           INSERT INTO records (id, parent_id, collection_id) VALUES ('id-' || i, '/buckets/a/collections/b', 'record');
        END LOOP;
    END;
    $$;
    
    bug 
    opened by leplatrem 17
  • Thoughts about an

    Thoughts about an "accounts registration" plugin

    Following some discussions, here's my rough thoughts on creating an "accounts registration" plugin. The use case is having a flow for users to 1/ register an account 2/ receive a "registration code" via email 2/ validate their email using this "registration code" 3/ reset their password if needed

    Register an account

    1/ anonymous POST on /accountsmgmt/register/<email> 2/ this creates a record {"id": email, "password": hash, "registration-code": uuid} 3/ an email is sent with a link to /accountsmgmt/register/validate/<registration-code> 4/ GETing /accountsmgmt/register/validate/<registration-code> returns the ID which is the username (the email) 5/ POSTing to /accountsmgmt/register/validate/<registration-code> creates a kinto account with the same id and password, and updates the current "register" record to mark it as used (or deletes it)

    Resetting a password

    1/ anonymous POST on acountsmgmt/resetpassword/<email> 2/ this creates a record {"id": email, "reset-code": uuid} 3/ an email is sent with a link to /accountsmgmt/resetpassword/reset/<reset-code> 4/ GETing /accountsmgmt/resetpassword/<reset-code> returns the ID which is the username (the email) 5/ POSTing the new password to /accountsmgmt/resetpassword/reset/<reset-code> updates the kinto account with the same ID, and updates the current "register" record to mark it as used (or deletes it)

    Using the email (username) as the ID as the advantage of not having several registration or password reset codes laying around for the same user. The drawback is that we're not benefiting from the "kinto resource" management as we're GET/POST-ing on endpoints that are the registration or password reset codes, and not the IDs.

    Not sure if that makes sense? Do you have any feedback, ideas or tips?

    question plugin-idea scope:authentication 
    opened by magopian 16
  • Bump tox from 3.27.1 to 4.0.18

    Bump tox from 3.27.1 to 4.0.18

    Bumps tox from 3.27.1 to 4.0.18.

    Release notes

    Sourced from tox's releases.

    4.0.18

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.17...4.0.18

    4.0.17

    What's Changed

    New Contributors

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.16...4.0.17

    4.0.16

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.15...4.0.16

    4.0.15

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.14...4.0.15

    4.0.14

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.13...4.0.14

    4.0.13

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.12...4.0.13

    4.0.12

    ... (truncated)

    Changelog

    Sourced from tox's changelog.

    v4.0.18 (2022-12-26)

    Bugfixes - 4.0.18

    - Strip leading and trailing whitespace when parsing elements in requirement files - by :user:`gaborbernat`. (:issue:`2773`)
    

    v4.0.17 (2022-12-25)

    Features - 4.0.17

    • Suppress a report output when verbosity = 0. (:issue:2697)

    Bugfixes - 4.0.17

    - Fix ``--sdistonly`` behaviour. (:issue:`2653`)
    - Override toxworkdir with --workdir. (:issue:`2654`)
    

    v4.0.16 (2022-12-20)

    Bugfixes - 4.0.16

    • Fix :ref:change_dir is relative to current working directory rather than to the :ref:tox_root when using the -c argument to locate the tox.ini file - by :user:gaborbernat. (:issue:2619)

    v4.0.15 (2022-12-19)

    Bugfixes - 4.0.15

    - Fix tox auto-provisioning not working and relax :ref:`min_version` default from ``4.0`` to no version constraint
      - by user:`gaborbernat`. (:issue:`2634`)
    - Fix assertion in ``test_result_json_sequential`` when interpreter ``_base_executable`` is a hardlink (macOS homebrew)
      - by user:`masenf`. (:issue:`2720`)
    - Complex negative factor filters not working  - by user:`gaborbernat`. (:issue:`2747`)
    

    v4.0.14 (2022-12-18)

    Bugfixes - 4.0.14

    • Do not include non test environment sections or factor filters in INI configuration to factor discovery - by :user:gaborbernat. (:issue:2746)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump isort from 5.10.1 to 5.11.4

    Bump isort from 5.10.1 to 5.11.4

    Bumps isort from 5.10.1 to 5.11.4.

    Release notes

    Sourced from isort's releases.

    5.11.4

    Changes

    :package: Dependencies

    5.11.3

    Changes

    :beetle: Fixes

    :construction_worker: Continuous Integration

    v5.11.3

    Changes

    :beetle: Fixes

    :construction_worker: Continuous Integration

    5.11.2

    Changes

    5.11.1

    Changes December 12 2022

    ... (truncated)

    Changelog

    Sourced from isort's changelog.

    5.11.4 December 21 2022

    5.11.3 December 16 2022

    5.11.2 December 12 2022

    5.11.1 December 12 2022

    5.11.0 December 12 2022

    Commits
    • 98390f5 Merge pull request #2059 from PyCQA/version/5.11.4
    • df69a05 Bump version 5.11.4
    • f9add58 Merge pull request #2058 from PyCQA/deps/poetry-1.3.1
    • 36caa91 Bump Poetry 1.3.1
    • 3c2e2d0 Merge pull request #1978 from mgorny/toml-test
    • 45d6abd Remove obsolete toml import from the test suite
    • 3020e0b Merge pull request #2057 from mgorny/poetry-install
    • a6fdbfd Stop installing documentation files to top-level site-packages
    • ff306f8 Fix tag template to match old standard
    • 227c4ae Merge pull request #2052 from hugovk/main
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump sentry-sdk from 1.11.1 to 1.12.1

    Bump sentry-sdk from 1.11.1 to 1.12.1

    Bumps sentry-sdk from 1.11.1 to 1.12.1.

    Release notes

    Sourced from sentry-sdk's releases.

    1.12.1

    Various fixes & improvements

    1.12.0

    Basic OTel support

    This adds support to automatically integrate OpenTelemetry performance tracing with Sentry.

    See the documentation on how to set it up: https://docs.sentry.io/platforms/python/performance/instrumentation/opentelemetry/

    Give it a try and let us know if you have any feedback or problems with using it.

    By: @​antonpirker (#1772, #1766, #1765)

    Various fixes & improvements

    Changelog

    Sourced from sentry-sdk's changelog.

    1.12.1

    Various fixes & improvements

    1.12.0

    Basic OTel support

    This adds support to automatically integrate OpenTelemetry performance tracing with Sentry.

    See the documentation on how to set it up: https://docs.sentry.io/platforms/python/performance/instrumentation/opentelemetry/

    Give it a try and let us know if you have any feedback or problems with using it.

    By: @​antonpirker (#1772, #1766, #1765)

    Various fixes & improvements

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump black from 22.10.0 to 22.12.0

    Bump black from 22.10.0 to 22.12.0

    Bumps black from 22.10.0 to 22.12.0.

    Release notes

    Sourced from black's releases.

    22.12.0

    Preview style

    • Enforce empty lines before classes and functions with sticky leading comments (#3302)
    • Reformat empty and whitespace-only files as either an empty file (if no newline is present) or as a single newline character (if a newline is present) (#3348)
    • Implicitly concatenated strings used as function args are now wrapped inside parentheses (#3307)
    • Correctly handle trailing commas that are inside a line's leading non-nested parens (#3370)

    Configuration

    • Fix incorrectly applied .gitignore rules by considering the .gitignore location and the relative path to the target file (#3338)
    • Fix incorrectly ignoring .gitignore presence when more than one source directory is specified (#3336)

    Parser

    • Parsing support has been added for walruses inside generator expression that are passed as function args (for example, any(match := my_re.match(text) for text in texts)) (#3327).

    Integrations

    • Vim plugin: Optionally allow using the system installation of Black via let g:black_use_virtualenv = 0(#3309)
    Changelog

    Sourced from black's changelog.

    22.12.0

    Preview style

    • Enforce empty lines before classes and functions with sticky leading comments (#3302)
    • Reformat empty and whitespace-only files as either an empty file (if no newline is present) or as a single newline character (if a newline is present) (#3348)
    • Implicitly concatenated strings used as function args are now wrapped inside parentheses (#3307)
    • Correctly handle trailing commas that are inside a line's leading non-nested parens (#3370)

    Configuration

    • Fix incorrectly applied .gitignore rules by considering the .gitignore location and the relative path to the target file (#3338)
    • Fix incorrectly ignoring .gitignore presence when more than one source directory is specified (#3336)

    Parser

    • Parsing support has been added for walruses inside generator expression that are passed as function args (for example, any(match := my_re.match(text) for text in texts)) (#3327).

    Integrations

    • Vim plugin: Optionally allow using the system installation of Black via let g:black_use_virtualenv = 0(#3309)
    Commits
    • 2ddea29 Prepare release 22.12.0 (#3413)
    • 5b1443a release: skip bad macos wheels for now (#3411)
    • 9ace064 Bump peter-evans/find-comment from 2.0.1 to 2.1.0 (#3404)
    • 19c5fe4 Fix CI with latest flake8-bugbear (#3412)
    • d4a8564 Bump sphinx-copybutton from 0.5.0 to 0.5.1 in /docs (#3390)
    • 2793249 Wordsmith current_style.md (#3383)
    • d97b789 Remove whitespaces of whitespace-only files (#3348)
    • c23a5c1 Clarify that Black runs with --safe by default (#3378)
    • 8091b25 Correctly handle trailing commas that are inside a line's leading non-nested ...
    • ffaaf48 Compare each .gitignore found with an appropiate relative path (#3338)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump sqlalchemy from 1.4.44 to 1.4.45

    Bump sqlalchemy from 1.4.44 to 1.4.45

    Bumps sqlalchemy from 1.4.44 to 1.4.45.

    Release notes

    Sourced from sqlalchemy's releases.

    1.4.45

    Released: December 10, 2022

    orm

    • [orm] [bug] Fixed bug where _orm.Session.merge() would fail to preserve the current loaded contents of relationship attributes that were indicated with the _orm.relationship.viewonly parameter, thus defeating strategies that use _orm.Session.merge() to pull fully loaded objects from caches and other similar techniques. In a related change, fixed issue where an object that contains a loaded relationship that was nonetheless configured as lazy='raise' on the mapping would fail when passed to _orm.Session.merge(); checks for "raise" are now suspended within the merge process assuming the _orm.Session.merge.load parameter remains at its default of True.

      Overall, this is a behavioral adjustment to a change introduced in the 1.4 series as of #4994, which took "merge" out of the set of cascades applied by default to "viewonly" relationships. As "viewonly" relationships aren't persisted under any circumstances, allowing their contents to transfer during "merge" does not impact the persistence behavior of the target object. This allows _orm.Session.merge() to correctly suit one of its use cases, that of adding objects to a Session that were loaded elsewhere, often for the purposes of restoring from a cache.

      References: #8862

    • [orm] [bug] Fixed issues in _orm.with_expression() where expressions that were composed of columns that were referenced from the enclosing SELECT would not render correct SQL in some contexts, in the case where the expression had a label name that matched the attribute which used _orm.query_expression(), even when _orm.query_expression() had no default expression. For the moment, if the _orm.query_expression() does have a default expression, that label name is still used for that default, and an additional label with the same name will continue to be ignored. Overall, this case is pretty thorny so further adjustments might be warranted.

      References: #8881

    engine

    • [engine] [bug] Fixed issue where _engine.Result.freeze() method would not work for textual SQL using either _sql.text() or _engine.Connection.exec_driver_sql().

      References: #8963

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump newrelic from 8.4.0 to 8.5.0

    Bump newrelic from 8.4.0 to 8.5.0

    Bumps newrelic from 8.4.0 to 8.5.0.

    Release notes

    Sourced from newrelic's releases.

    v8.5.0

    https://docs.newrelic.com/docs/release-notes/agent-release-notes/python-release-notes/python-agent-80500/

    Commits
    • fd0fd01 Fix Type Constructor Classes in Code Level Metrics (#708)
    • f977ba6 Add TraceCache Guarded Iteration (#704)
    • a63e33f Update instrumented methods in redis. (#707)
    • b849010 Reverts removal of flask_restful hooks. (#705)
    • 864f086 Fix bug in celery where works don't report data (#696)
    • 87b649f Validator transfer from fixtures.py to validators directory, Part 2 (#690)
    • 67feaa7 Remove pylint codes from flake8 config (#701)
    • 60a5d68 Fix tornado master tests & instrument redis 4.3.5 (#695)
    • eead7a7 Fix Confluent Kafka Producer Arguments (#699)
    • eb28b52 Pin Github Actions Runner to Ubuntu 20 for Py27 (#698)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
Releases(14.8.0)
  • 14.8.0(Oct 6, 2022)

  • 14.7.2(Apr 13, 2022)

    Bug Fixes

    • Prevents merging of ResourceChanged events if they were triggered from events listeners (cascade) (see mozilla/remote-settings#203)
    Source code(tar.gz)
    Source code(zip)
  • 14.7.1(Mar 31, 2022)

  • 14.7.0(Mar 30, 2022)

    Internal Changes

    • Add alwaysdata Marketplace link. https://github.com/Kinto/kinto/pull/2957
    • Test package description formatting in CI https://github.com/Kinto/kinto/pull/2951
    • Build Kinto Admin from source https://github.com/Kinto/kinto/pull/2966
    Dependabot Updates
    • Bump pytest from 6.2.5 to 7.0.0 https://github.com/Kinto/kinto/pull/2950
    • Bump pytest from 7.0.0 to 7.0.1 https://github.com/Kinto/kinto/pull/2953
    • Bump werkzeug from 2.0.2 to 2.0.3 https://github.com/Kinto/kinto/pull/2954
    • Bump python-rapidjson from 1.5 to 1.6 https://github.com/Kinto/kinto/pull/2956
    • Bump waitress from 2.0.0 to 2.1.0 https://github.com/Kinto/kinto/pull/2962
    • Bump sqlalchemy from 1.4.31 to 1.4.32 https://github.com/Kinto/kinto/pull/2961
    • Bump selenium from 4.1.0 to 4.1.2 https://github.com/Kinto/kinto/pull/2960
    • Bump newrelic from 7.4.0.172 to 7.6.0.173 https://github.com/Kinto/kinto/pull/2959
    • Bump pytest from 7.0.1 to 7.1.0 https://github.com/Kinto/kinto/pull/2965
    • Bump selenium from 4.1.2 to 4.1.3 https://github.com/Kinto/kinto/pull/2964
    • Bump pyramid-tm from 2.4 to 2.5 https://github.com/Kinto/kinto/pull/2963
    • Bump waitress from 2.1.0 to 2.1.1 https://github.com/Kinto/kinto/pull/2968
    • Bump pytest from 7.1.0 to 7.1.1 https://github.com/Kinto/kinto/pull/2967

    Kinto Admin

    Bug Fixes

    • Downgrade to history v4 (Kinto/kinto-admin#2180)
    • Fix crash on incorrect auth credentials (Kinto/kinto-admin#2119)

    For a complete log of Kinto Admin changes, see v1.31.0...v2.0.0

    Full Changelog: https://github.com/Kinto/kinto/compare/14.6.1...14.7.0

    Source code(tar.gz)
    Source code(zip)
  • 14.6.1(Feb 3, 2022)

    Bug Fixes

    • Fix crash in /permissions endpoint when a setting is misinterpreted as resource permission (e.g. signer.auto_create_resources_principals)

    Internal Changes

    • Update Dockerfile & docker-compose for faster, usable builds (#2942)
    • Add a SECURITY.md file (fixes #2912) (#2918)
    • Fix coveralls.io support (#2921)
    • Remove duplicated dependencies (#2922)
    Source code(tar.gz)
    Source code(zip)
  • 14.5.0(Oct 8, 2021)

    New feature

    • Add kinto.version_prefix_redirect_ttl_seconds setting in order to send Cache-Control response headers on version prefix redirects (fixes #2874)
    Source code(tar.gz)
    Source code(zip)
  • 14.4.1(Sep 20, 2021)

  • 14.4.0(Sep 16, 2021)

    Documentation

    • Fix "negociation" typo in docs/images/architecture.svg (#2813)

    Internal changes

    • Replace ujson with rapidjson. (#2677)
    • Upgrade kinto-admin to v1.30.2
    Source code(tar.gz)
    Source code(zip)
  • 14.3.0(Jun 13, 2021)

    Documentation

    • Fix documentation about disabling endpoints (#2794)

    Internal changes

    • Now compatible with Pyramid 2 (#2764)
    • Upgrade kinto-admin to v1.30.0
    Source code(tar.gz)
    Source code(zip)
  • 14.2.0(Feb 22, 2021)

    New feature

    • Allow rotation of the user password hmac secret without rotating the default bucket id hmac secret. (#2647)

    Documentation

    • Upgrade kinto-admin to v1.29.0
    • servicedenuages.fr domain is parked, replace links with web.archive.org (#2720)
    • Fix broken url in docs (#2692)

    Internal changes

    • Show diff on failures. (#2723)
    • Add GitHub Actions workflows (#2677)
    Source code(tar.gz)
    Source code(zip)
  • 14.1.1(Nov 3, 2020)

  • 14.1.0(Oct 27, 2020)

    New feature

    • Add ability to disable explicit permissions at object level (ref #893). Use kinto.explicit_permissions = false to only rely on inherited permissions (see settings docs)

    Internal Changes

    • Distinguish readonly errors in storage backend (kinto.core.storage.exceptions.ReadonlyError)
    • Upgrade kinto-admin to v1.27.0
    • Add support to Python 3.9
    Source code(tar.gz)
    Source code(zip)
  • 14.0.1(Sep 9, 2020)

    Bug fixes

    • Do not break storage implementations (ie. kinto-redis) that rely on json class attribute (removed in v14.0.0)
    • Do not return 400 for ?_since=null (fixes #2595)
    Source code(tar.gz)
    Source code(zip)
  • 14.0.0(Sep 1, 2020)

  • 13.6.6(Jun 26, 2020)

    Bug fixes

    • Fix messages duplication in logs (#2513)
    • Fix resource timestamp unicity (fixes #2472, #602)

    Documentation

    • Refer to proper terms in glossary (#2486)
    Source code(tar.gz)
    Source code(zip)
  • 13.6.5(Mar 31, 2020)

  • 13.6.4(Mar 29, 2020)

    Security fix

    • Fix permission checking with POST on plural endpoints (fixes #2459)

    Bug fixes

    • Apply CORS headers to EOL responses (#2452)

    Internal Changes

    • Remove auth parameter from postgresql/memory storage backends
    • Removed pytest-sugar
    Source code(tar.gz)
    Source code(zip)
  • 13.6.3(Jan 30, 2020)

    Bug fixes

    • History entries datetimes now carry timezone information
    • Fix kinto init command (#2375)
    • Fix float strings parsing in certain URL query parameters. (#2392)

    Internal Changes

    • Upgrade kinto-admin to v1.26.1
    • Drop auth parameter from storage backend methods.
    Source code(tar.gz)
    Source code(zip)
  • 13.6.2(Nov 4, 2019)

  • 13.6.1(Oct 31, 2019)

  • 13.6.0(Oct 24, 2019)

    New Features

    • Add Content-Security-Policy header and report URI (fixes #2303)

    Internal Changes

    • Use package-lock file for Kinto Admin packaging
    • Use isort for formatting imports (Fixes #2270)
    • Upgrade kinto-admin to v1.25.2
    Source code(tar.gz)
    Source code(zip)
  • 13.5.0(Sep 26, 2019)

  • 13.4.0(Sep 12, 2019)

  • 13.3.0(Aug 15, 2019)

    Bug fixes

    • Prevent password to be modified on modification of accounts metadata (fixes #2058)
    • Fix unexpected exception in /__version__ endpoint
    • Add Content-Type to default_cors_headers (refs #2220)
    • Fix crash with non-allowed requests on __user_data__ (fixes #2063)
    • Fix multiple event listeners on READ action (fixes #1755)

    New features

    • Allow StatsD counter to be incremented by an arbitrary number
    Source code(tar.gz)
    Source code(zip)
  • 13.2.2(Jul 4, 2019)

  • 13.2.1(Jun 25, 2019)

  • 13.2.0(Jun 18, 2019)

  • 13.1.1(May 23, 2019)

    Bug fixes

    • Fix cache heartbeat test (fixes #2107)
    • Fix support of sqlalchemy.pool.NullPool for PostgreSQL backends. The default pool_size of 25 is maintained on the default pool class (QueuePoolWithMaxBacklog). When using custom connection pools, please refer to SQLAlchemy documentation for default values.

    Internal changes

    • Remove dependency to kinto-redis in core tests
    Source code(tar.gz)
    Source code(zip)
  • 13.1.0(Mar 21, 2019)

    New features

    • Expose the user_profile in the user field of the hello page. (#1989)
    • Add an "account validation" option to the accounts plugin. (#1973)
    • Add a validate endpoint at /accounts/{user id}/validate/{validation key} which can be used to validate an account when the account validation option is enabled on the accounts plugin.
    • Add a reset-password endpoint at /accounts/(user id)/reset-password which can be used to reset a user's password when the account validation option is enabled on the accounts plugin.

    Bug fixes

    • Fixed two potential bugs relating to mutable default values.
    • Fix crash on validating records with errors in arrays (#1508)
    • Fix crash on deleting multiple accounts (#2009)

    Documentation

    • Fixed spelling and Filtering docs

    Internal changes

    • Use setup.cfg for package metadata (ref #1921)

    API is now at version 1.22. See API changelog

    Source code(tar.gz)
    Source code(zip)
  • 13.0.1(Jan 29, 2019)

    Bug fixes

    • Loosen up the Content-Security policies in the Kinto Admin plugin to prevent Webpack inline script to be rejected (fixes #2000)
    Source code(tar.gz)
    Source code(zip)
Owner
Kinto
A generic JSON document store with sharing and synchronisation capabilities.
Kinto
TrueNAS CORE/Enterprise/SCALE Middleware Git Repository

TrueNAS CORE/Enterprise/SCALE main source repo Want to contribute or collaborate? Join our Slack instance. IMPORTANT NOTE: This is the master branch o

TrueNAS 2k Jan 07, 2023
ZODB Client-Server framework

ZEO - Single-server client-server database server for ZODB ZEO is a client-server storage for ZODB for sharing a single storage among many clients. Wh

Zope 40 Nov 04, 2022
A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.

mycli A command line client for MySQL that can do auto-completion and syntax highlighting. HomePage: http://mycli.net Documentation: http://mycli.net/

dbcli 10.7k Jan 07, 2023
Postgres CLI with autocompletion and syntax highlighting

A REPL for Postgres This is a postgres client that does auto-completion and syntax highlighting. Home Page: http://pgcli.com MySQL Equivalent: http://

dbcli 10.8k Dec 30, 2022
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 02, 2023
a full featured file system for online data storage

S3QL S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3, or OpenStack. S3QL effectively provi

917 Dec 25, 2022
Barman - Backup and Recovery Manager for PostgreSQL

Barman, Backup and Recovery Manager for PostgreSQL Barman (Backup and Recovery Manager) is an open-source administration tool for disaster recovery of

EDB 1.5k Dec 30, 2022
Continuous Archiving for Postgres

WAL-E Continuous archiving for Postgres WAL-E is a program designed to perform continuous archiving of PostgreSQL WAL files and base backups. To corre

3.4k Dec 30, 2022
The command-line tool that gives easy access to all of the capabilities of B2 Cloud Storage

B2 Command Line Tool The command-line tool that gives easy access to all of the capabilities of B2 Cloud Storage. This program provides command-line a

Backblaze 467 Dec 08, 2022
Nerd-Storage is a simple web server for sharing files on the local network.

Nerd-Storage is a simple web server for sharing files on the local network. It supports the download of files and directories, the upload of multiple files at once, making a directory, updates and de

ハル 68 Jun 07, 2022
An open source multi-tool for exploring and publishing data

Datasette An open source multi-tool for exploring and publishing data Datasette is a tool for exploring and publishing data. It helps people take data

Simon Willison 6.8k Jan 01, 2023
The Tahoe-LAFS decentralized secure filesystem.

Free and Open decentralized data store Tahoe-LAFS (Tahoe Least-Authority File Store) is the first free software / open-source storage technology that

Tahoe-LAFS 1.2k Jan 01, 2023
The next generation relational database.

What is EdgeDB? EdgeDB is an open-source object-relational database built on top of PostgreSQL. The goal of EdgeDB is to empower its users to build sa

EdgeDB 9.9k Dec 31, 2022
Cross-platform desktop synchronization client for the Nuxeo platform.

Nuxeo Drive Desktop Synchronization Client for Nuxeo This is an ongoing development project for desktop synchronization of local folders with remote N

Nuxeo 63 Dec 16, 2022
Synchronize local directories with Tahoe-LAFS storage grids

Gridsync Gridsync aims to provide a cross-platform, graphical user interface for Tahoe-LAFS, the Least Authority File Store. It is intended to simplif

171 Dec 16, 2022
A generic JSON document store with sharing and synchronisation capabilities.

Kinto Kinto is a minimalist JSON storage service with synchronisation and sharing abilities. Online documentation Tutorial Issue tracker Contributing

Kinto 4.2k Dec 26, 2022
The web end of seafile server.

Introduction Seahub is the web frontend for Seafile. Preparation Build and deploy Seafile server from source. See http://manual.seafile.com/build_seaf

476 Dec 29, 2022
ZFS, in Python, without reading the original C.

ZFSp What? ZFS, in Python, without reading the original C. What?! That's right. How? Many hours spent staring at hexdumps, and asking friends to searc

Colin Valliant 569 Oct 28, 2022