requests security update and more

[Snyk] Security upgrade idna from 3.6 to 3.7

README.rst

@@ -39,6 +39,8 @@ Usage / example configuration
 Copy ``settings.py`` from example_config to the parent directory and
 configure to your needs (*at the least* change the value of `SYSTEMKEY`).
 
+Do not forget to fill in the `MASHAPE_API_KEY` value, which you [can request on the RapidAPI website](https://rapidapi.com/realfavicongenerator/api/realfavicongenerator).
+
 Run digimarks as a service under nginx or apache and call the appropriate
 url's when wanted.
 

digimarks.py

@@ -10,10 +10,11 @@ import sys
 
 import bs4
 import requests
-from flask import (Flask, abort, jsonify, redirect, render_template, request,
+from dateutil import tz
-                   url_for)
+from feedgen.feed import FeedGenerator
+from flask import (Flask, abort, jsonify, make_response, redirect,
+                   render_template, request, url_for)
 from peewee import *  # noqa
-from werkzeug.contrib.atom import AtomFeed
 
 try:
     # Python 3
@@ -357,14 +358,14 @@ class Bookmark(BaseModel):
     def _set_favicon_with_realfavicongenerator(self, domain):
         """ Fetch favicon for the domain """
         response = requests.get(
-            'https://realfavicongenerator.p.mashape.com/favicon/icon?platform=android_chrome&site=' + domain,
+            'https://realfavicongenerator.p.rapidapi.com/favicon/icon?platform=android_chrome&site=' + domain,
             stream=True,
             headers={'User-Agent': DIGIMARKS_USER_AGENT, 'X-Mashape-Key': settings.MASHAPE_API_KEY}
         )
         if response.status_code == 404:
             # Fall back to desktop favicon
             response = requests.get(
-                'https://realfavicongenerator.p.mashape.com/favicon/icon?platform=desktop&site=' + domain,
+                'https://realfavicongenerator.p.rapidapi.com/favicon/icon?platform=desktop&site=' + domain,
                 stream=True,
                 headers={'User-Agent': DIGIMARKS_USER_AGENT, 'X-Mashape-Key': settings.MASHAPE_API_KEY}
             )
@@ -604,10 +605,12 @@ def bookmarks_js(userkey):
         Bookmark.userkey == userkey,
         Bookmark.status == Bookmark.VISIBLE
     ).order_by(Bookmark.created_date.desc())
-    return render_template(
+    resp = make_response(render_template(
         'bookmarks.js',
         bookmarks=bookmarks
-    )
+    ))
+    resp.headers['Content-type'] = 'text/javascript; charset=utf-8'
+    return resp
 
 
 @app.route('/r/<userkey>/<urlhash>')
@@ -960,23 +963,34 @@ def publictag_feed(tagkey):
             Bookmark.tags.contains(this_tag.tag),
             Bookmark.status == Bookmark.VISIBLE
         )
-        feed = AtomFeed(this_tag.tag, feed_url=request.url, url=make_external(url_for('publictag_page', tagkey=tagkey)))
+
+        feed = FeedGenerator()
+        feed.title(this_tag.tag)
+        feed.id(request.url)
+        feed.link(href=request.url, rel='self')
+        feed.link(href=make_external(url_for('publictag_page', tagkey=tagkey)))
+
         for bookmark in bookmarks:
+            entry = feed.add_entry()
+
             updated_date = bookmark.modified_date
             if not bookmark.modified_date:
                 updated_date = bookmark.created_date
             bookmarktitle = '{} (no title)'.format(bookmark.url)
             if bookmark.title:
                 bookmarktitle = bookmark.title
-            feed.add(
+
-                bookmarktitle,
+            entry.id(bookmark.url)
-                content_type='html',
+            entry.title(bookmarktitle)
-                author='digimarks',
+            entry.link(href=bookmark.url)
-                url=bookmark.url,
+            entry.author(name='digimarks')
-                updated=updated_date,
+            entry.pubdate(bookmark.created_date.replace(tzinfo=tz.tzlocal()))
-                published=bookmark.created_date
+            entry.published(bookmark.created_date.replace(tzinfo=tz.tzlocal()))
-            )
+            entry.updated(updated_date.replace(tzinfo=tz.tzlocal()))
-        return feed.get_response()
+
+        response = make_response(feed.atom_str(pretty=True))
+        response.headers.set('Content-Type', 'application/atom+xml')
+        return response
     except PublicTag.DoesNotExist:
         abort(404)
 

example_config/settings.py

@@ -10,6 +10,10 @@ DEBUG = False
 # echo -n "yourstring" | sha1sum
 SYSTEMKEY = 'S3kr1t'
 
+# RapidAPI key for favicons
+# https://rapidapi.com/realfavicongenerator/api/realfavicongenerator
+MASHAPE_API_KEY = 'your_MASHAPE_key'
+
 LOG_LOCATION = 'digimarks.log'
 #LOG_LOCATION = '/var/log/digimarks/digimarks.log'
 # How many logs to keep in log rotation:

requirements-dev.txt

@@ -1,29 +1,61 @@
-#
+# This file was autogenerated by uv via the following command:
-# This file is autogenerated by pip-compile
+#    uv pip compile requirements-dev.in
-# To update, run:
+astroid==3.3.10
-#
+    # via pylint
-#    pip-compile requirements-dev.in --upgrade
+beautifulsoup4==4.13.4
-#
+    # via bs4
-astroid==2.2.5            # via pylint
+blinker==1.9.0
-beautifulsoup4==4.7.1     # via bs4
+    # via flask
-bs4==0.0.1
+bs4==0.0.2
-certifi==2019.3.9         # via requests
+    # via -r requirements.in
-chardet==3.0.4            # via requests
+certifi==2025.4.26
-click==7.0                # via flask
+    # via requests
-flask==1.0.2
+charset-normalizer==3.4.2
-idna==2.8                 # via requests
+    # via requests
-isort==4.3.17             # via pylint
+click==8.2.1
-itsdangerous==1.1.0       # via flask
+    # via flask
-jinja2==2.10.1            # via flask
+dill==0.4.0
-lazy-object-proxy==1.3.1  # via astroid
+    # via pylint
-markupsafe==1.1.1         # via jinja2
+feedgen==1.0.0
-mccabe==0.6.1             # via pylint
+    # via -r requirements.in
-peewee==3.9.3
+flask==3.1.1
-pylint==2.3.1
+    # via -r requirements.in
-requests==2.21.0
+idna==3.10
-six==1.12.0               # via astroid
+    # via requests
-soupsieve==1.9            # via beautifulsoup4
+isort==6.0.1
-typed-ast==1.3.1          # via astroid
+    # via pylint
-urllib3==1.24.1           # via requests
+itsdangerous==2.2.0
-werkzeug==0.15.2          # via flask
+    # via flask
-wrapt==1.11.1             # via astroid
+jinja2==3.1.6
+    # via flask
+lxml==5.4.0
+    # via feedgen
+markupsafe==3.0.2
+    # via
+    #   flask
+    #   jinja2
+    #   werkzeug
+mccabe==0.7.0
+    # via pylint
+peewee==3.18.1
+    # via -r requirements.in
+platformdirs==4.3.8
+    # via pylint
+pylint==3.3.7
+    # via -r requirements-dev.in
+python-dateutil==2.9.0.post0
+    # via feedgen
+requests==2.32.4
+    # via -r requirements.in
+six==1.17.0
+    # via python-dateutil
+soupsieve==2.7
+    # via beautifulsoup4
+tomlkit==0.13.3
+    # via pylint
+typing-extensions==4.14.0
+    # via beautifulsoup4
+urllib3==2.4.0
+    # via requests
+werkzeug==3.1.3
+    # via flask

requirements.in

@@ -1,4 +1,10 @@
+# Core application
 flask
 peewee
+
+# Fetch title etc from links
 bs4
 requests
+
+# Generate (atom) feeds for tags and such
+feedgen

requirements.txt

@@ -1,21 +1,47 @@
-#
+# This file was autogenerated by uv via the following command:
-# This file is autogenerated by pip-compile
+#    uv pip compile requirements.in
-# To update, run:
+beautifulsoup4==4.13.4
-#
+    # via bs4
-#    pip-compile requirements.in --upgrade
+blinker==1.9.0
-#
+    # via flask
-beautifulsoup4==4.7.1     # via bs4
+bs4==0.0.2
-bs4==0.0.1
+    # via -r requirements.in
-certifi==2019.3.9         # via requests
+certifi==2025.4.26
-chardet==3.0.4            # via requests
+    # via requests
-click==7.0                # via flask
+charset-normalizer==3.4.2
-flask==1.0.2
+    # via requests
-idna==2.8                 # via requests
+click==8.2.1
-itsdangerous==1.1.0       # via flask
+    # via flask
-jinja2==2.10.1            # via flask
+feedgen==1.0.0
-markupsafe==1.1.1         # via jinja2
+    # via -r requirements.in
-peewee==3.9.3
+flask==3.1.1
-requests==2.21.0
+    # via -r requirements.in
-soupsieve==1.9            # via beautifulsoup4
+idna==3.10
-urllib3==1.24.1           # via requests
+    # via requests
-werkzeug==0.15.2          # via flask
+itsdangerous==2.2.0
+    # via flask
+jinja2==3.1.6
+    # via flask
+lxml==5.4.0
+    # via feedgen
+markupsafe==3.0.2
+    # via
+    #   flask
+    #   jinja2
+    #   werkzeug
+peewee==3.18.1
+    # via -r requirements.in
+python-dateutil==2.9.0.post0
+    # via feedgen
+requests==2.32.4
+    # via -r requirements.in
+six==1.17.0
+    # via python-dateutil
+soupsieve==2.7
+    # via beautifulsoup4
+typing-extensions==4.14.0
+    # via beautifulsoup4
+urllib3==2.4.0
+    # via requests
+werkzeug==3.1.3
+    # via flask