merge default trunk into branch

Author: rouilj

.github/workflows/anchore.yml

@@ -37,7 +37,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout the code
-      uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
     - name: Build the Docker image
       run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest
     - name: List the Docker image

.github/workflows/ci-test.yml

@@ -93,11 +93,11 @@ jobs:
         # if: {{ false }}
           # continue running if step fails
         # continue-on-error: true
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       # Setup version of Python to use
       - name: Set Up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: ${{ matrix.python-version }}
           allow-prereleases: true
@@ -184,16 +184,13 @@ jobs:
 
       - name: Install xapian
         run: |
+          set -xv
           sudo apt-get install libxapian-dev
           # Sphinx required to build the xapian python bindings. Use 1.8.5 on
           # older python and newest on newer.
           if [[ $PYTHON_VERSION == "2."* ]]; then pip install sphinx==1.8.5; fi
           if [[ $PYTHON_VERSION == '3.'* ]] ; then pip install sphinx; fi
-          if [[ $PYTHON_VERSION == '3.12'* ]] ; then \
-              XAPIAN_VER=1.4.22; \
-          else
-              XAPIAN_VER=$(dpkg -l libxapian-dev | tail -n 1 | awk '{print $3}' | cut -d '-' -f 1); echo $XAPIAN_VER; \
-          fi
+          XAPIAN_VER=$(dpkg -l libxapian-dev | tail -n 1 | awk '{print $3}' | cut -d '-' -f 1); echo $XAPIAN_VER;
           cd /tmp
           curl -s -O https://oligarchy.co.uk/xapian/$XAPIAN_VER/xapian-bindings-$XAPIAN_VER.tar.xz
           tar -Jxvf xapian-bindings-$XAPIAN_VER.tar.xz
@@ -204,8 +201,19 @@ jobs:
           # 3.11 or newer.
           # Change distutils.sysconfig... to just sysconfig and SO
           # to EXT_SUFFIX to get valid value.
-          if [[ $PYTHON_VERSION == "3."* ]]; then sed -i -e '/PYTHON3_SO=/s/distutils\.//g' -e '/PYTHON3_SO=/s/"SO"/"EXT_SUFFIX"/g' configure; ./configure --prefix=$VIRTUAL_ENV --with-python3 --disable-documentation; fi
-          case "$PYTHON_VERSION" in nightly|3.12*) echo skipping xapian build;; *) make && sudo make install; esac
+          if [[ $PYTHON_VERSION == "3."* ]]; then \
+            cp configure configure.FCS; \
+            sed -i \
+              -e '/PYTHON3_SO=/s/distutils\.//g' \
+              -e '/PYTHON3_SO=/s/"SO"/"EXT_SUFFIX"/g' \
+              -e '/PYTHON3_CACHE_TAG=/s/imp;print(imp.get_tag())/sys;print(sys.implementation.cache_tag)/' \
+              -e '/PYTHON3_CACHE_OPT1_EXT=/s/imp\.get_tag()/sys.implementation.cache_tag/g' \
+              -e '/PYTHON3_CACHE_OPT1_EXT=/s/imp\b/importlib/g' \
+            configure; \
+            diff -u configure.FCS configure || true; \
+            ./configure --prefix=$VIRTUAL_ENV --with-python3 --disable-documentation; \
+          fi
+          case "$PYTHON_VERSION" in nightly) echo skipping xapian build;; *) make && sudo make install; esac
 
       - name: Install pytest and other packages needed for running tests
         run: pip install flake8 mock pytest pytest-cov requests

.github/workflows/codeql-analysis.yml

@@ -49,7 +49,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v2.6.0
+      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/ossf-scorecard.yml

@@ -35,12 +35,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v3.1.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
         with:
           results_file: results.sarif
           results_format: sarif

.grype.yaml

@@ -0,0 +1,3 @@
+ignore:
+  - vulnerability: CVE-2018-20225
+  - vulnerability: CVE-2018-20225-pip

.hgtags

@@ -143,3 +143,4 @@ c90104abe508e3886917243e4acd069c8ef7a1a4 2.2.0
 239d9542b02062c56f88fd1de8b87c4d88d700ad 2.2.0
 51fc06fabcee043db116e2fbdcdcf5e86b67ed3d 2.3.0b2
 913a73b9fab58e9c7e43e1fad379b68cae6ee3ae 2.3.0
+d17e57220a62416fcd192199cf29ca48db3af1a4 2.3.1a0

.travis.yml

@@ -138,7 +138,7 @@ install:
   - if [[ $TRAVIS_PYTHON_VERSION != "3.4"* ]]; then pip install mistune==0.8.4; fi
   - if [[ $TRAVIS_PYTHON_VERSION != "3.4"* && $TRAVIS_PYTHON_VERSION != "2."* ]]; then pip install Markdown; fi
   - pip install 'markdown2<=2.4.8'
-  - pip install brotli
+  - pip install brotli==1.0.9
   # zstd fails to build under python nightly aborting test.
   # allow testing to still happen if the optional package doesn't install.
   - pip install zstd || true
@@ -165,7 +165,7 @@ script:
   - PATH=$VIRTUAL_ENV/bin:$PATH
   - export LD_LIBRARY_PATH=$VIRTUAL_ENV/lib:$LD_LIBRARY_PATH
   - python -c "import sys; print('python version ', sys.version)"
-  - set -xv; if [[ "$TRAVIS_PYTHON_VERSION" != "2."* ]]; then
+  - if [[ "$TRAVIS_PYTHON_VERSION" != "2."* ]]; then
     python -m pytest -r a \
       --durations=20 \
       -W default \
@@ -183,7 +183,7 @@ script:
 
 after_success:
   # from https://docs.codecov.com/docs/codecov-uploader#integrity-checking-the-uploader
-  - curl https://keybase.io/codecovsecurity/pgp_keys.asc |
+  - curl https://keybase.io/codecovsecurity/pgp_keys.asc | \
     gpg --no-default-keyring --keyring trustedkeys.gpg --import # One-time step
   - curl -Os https://uploader.codecov.io/latest/linux/codecov
   - curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM

CHANGES.txt

@@ -47,6 +47,33 @@ Fixed:
   source install. (John Rouillard)
 - Document use of pyreadline3 to allow roundup-admin to have CLI editing
   on windows. (John Rouillard)
+- issue2551293 - remove schema_hook from Tracker instance. Looks like
+  it was an obsolete hook used for testing. Never documented and not
+  accessible from schema.py.
+- Fix roundup-admin security command. Lowercase its optional
+  argument. Roles are indexed by lower case role name. So 'security
+  User' and 'security user' should generate the same output. (John
+  Rouillard from issue on mailing list by Chuck Cunningham)
+- make roundup-server exit more quickly on ^C. This seems to be
+  limited to windows. (John Rouillard)
+- Fix error handling so failure during import of a non-user item
+  doesn't cause a second traceback. (Found by Norbert Schlemmer, fix
+  John Rouillard)
+- Handle out of memory error when importing large trackers in
+  PostgreSQL. (Found by Norbert Schlemmer, extensive testing by
+  Norbert, fix John Rouillard)
+- use unittest.mock rather than mock for
+  test/test_hyperdbvals.py. (found by Ralf Schlatterbeck. Fix John
+  Rouillard)
+- disable proxy with wget in roundup_healthcheck. (Norbert SCHLEMMER
+  Noschvie on github.com)
+- support dicttoxml2.py for Roundup running on 3.7 and
+  newer. dicttoxml uses a type alias: collection.Iterator that is
+  dropped in Python 3.10. (found by Norbert SCHLEMMER, fix John
+  Rouillard)
+- fix repeated password id with user.item.html in all templates except
+  jinja2. (John Rouillard)
+- fix unclosed file when saving index in indexer_dbm.py. (John Rouillard)
 
 Features:
 

RELEASE.txt

@@ -236,7 +236,7 @@ Roundup release checklist:
 
      Also can scan (optionally) using trivy:
 
-        docker run --rm --volume \
+        docker run -it --rm --volume \
 	/var/run/docker.sock:/var/run/docker.sock \
           --name trivy aquasec/trivy:latest image rounduptracker/roundup:2.2.0
 

doc/acknowledgements.txt

@@ -16,6 +16,24 @@ ideas and everything else that helped!
 
 .. _`Announcement with changelog for current release.`: announcement.html
 
+2.4
+---
+
+2.4.0
+~~~~~
+
+Maintainer:  John Rouillard
+
+Release Manager: John Rouillard
+
+Developer activity by changesets::
+
+  TBD
+
+Other contributers
+
+Norbert Schlemmer
+
 2.3
 ---