certifi security update and more

requests security update
flask security update and more
2025-12-06 22:05:09 +01:00 · 2023-07-26 22:59:53 +02:00 · 2023-05-23 22:38:31 +02:00 · 2023-05-09 09:14:34 +02:00 · 2023-02-16 10:22:42 +01:00 · 2022-12-09 11:51:50 +01:00
6 changed files with 153 additions and 57 deletions
--- a/README.rst
+++ b/README.rst
@@ -39,6 +39,8 @@ Usage / example configuration
 Copy ``settings.py`` from example_config to the parent directory and
 configure to your needs (*at the least* change the value of `SYSTEMKEY`).
 Do not forget to fill in the `MASHAPE_API_KEY` value, which you [can request on the RapidAPI website](https://rapidapi.com/realfavicongenerator/api/realfavicongenerator).
 Run digimarks as a service under nginx or apache and call the appropriate
 url's when wanted.
--- a/digimarks.py
+++ b/digimarks.py
@@ -10,10 +10,11 @@ import sys
 import bs4
 import requests
-from flask import (Flask, abort, jsonify, redirect, render_template, request,
+from dateutil import tz
-                   url_for)
+from feedgen.feed import FeedGenerator
 from flask import (Flask, abort, jsonify, make_response, redirect,
                   render_template, request, url_for)
 from peewee import *  # noqa
 from werkzeug.contrib.atom import AtomFeed
 try:
    # Python 3
@@ -357,14 +358,14 @@ class Bookmark(BaseModel):
    def _set_favicon_with_realfavicongenerator(self, domain):
        """ Fetch favicon for the domain """
        response = requests.get(
-            'https://realfavicongenerator.p.mashape.com/favicon/icon?platform=android_chrome&site=' + domain,
+            'https://realfavicongenerator.p.rapidapi.com/favicon/icon?platform=android_chrome&site=' + domain,
            stream=True,
            headers={'User-Agent': DIGIMARKS_USER_AGENT, 'X-Mashape-Key': settings.MASHAPE_API_KEY}
        )
        if response.status_code == 404:
            # Fall back to desktop favicon
            response = requests.get(
-                'https://realfavicongenerator.p.mashape.com/favicon/icon?platform=desktop&site=' + domain,
+                'https://realfavicongenerator.p.rapidapi.com/favicon/icon?platform=desktop&site=' + domain,
                stream=True,
                headers={'User-Agent': DIGIMARKS_USER_AGENT, 'X-Mashape-Key': settings.MASHAPE_API_KEY}
            )
@@ -604,10 +605,12 @@ def bookmarks_js(userkey):
        Bookmark.userkey == userkey,
        Bookmark.status == Bookmark.VISIBLE
    ).order_by(Bookmark.created_date.desc())
-    return render_template(
+    resp = make_response(render_template(
        'bookmarks.js',
        bookmarks=bookmarks
-    )
+    ))
    resp.headers['Content-type'] = 'text/javascript; charset=utf-8'
    return resp
@app.route('/r/<userkey>/<urlhash>')
@@ -960,23 +963,34 @@ def publictag_feed(tagkey):
            Bookmark.tags.contains(this_tag.tag),
            Bookmark.status == Bookmark.VISIBLE
        )
-        feed = AtomFeed(this_tag.tag, feed_url=request.url, url=make_external(url_for('publictag_page', tagkey=tagkey)))
+
        feed = FeedGenerator()
        feed.title(this_tag.tag)
        feed.id(request.url)
        feed.link(href=request.url, rel='self')
        feed.link(href=make_external(url_for('publictag_page', tagkey=tagkey)))
        for bookmark in bookmarks:
            entry = feed.add_entry()
            updated_date = bookmark.modified_date
            if not bookmark.modified_date:
                updated_date = bookmark.created_date
            bookmarktitle = '{} (no title)'.format(bookmark.url)
            if bookmark.title:
                bookmarktitle = bookmark.title
-            feed.add(
+
-                bookmarktitle,
+            entry.id(bookmark.url)
-                content_type='html',
+            entry.title(bookmarktitle)
-                author='digimarks',
+            entry.link(href=bookmark.url)
-                url=bookmark.url,
+            entry.author(name='digimarks')
-                updated=updated_date,
+            entry.pubdate(bookmark.created_date.replace(tzinfo=tz.tzlocal()))
-                published=bookmark.created_date
+            entry.published(bookmark.created_date.replace(tzinfo=tz.tzlocal()))
-            )
+            entry.updated(updated_date.replace(tzinfo=tz.tzlocal()))
-        return feed.get_response()
+
        response = make_response(feed.atom_str(pretty=True))
        response.headers.set('Content-Type', 'application/atom+xml')
        return response
    except PublicTag.DoesNotExist:
        abort(404)
--- a/example_config/settings.py
+++ b/example_config/settings.py
@@ -10,6 +10,10 @@ DEBUG = False
 # echo -n "yourstring" | sha1sum
 SYSTEMKEY = 'S3kr1t'
 # RapidAPI key for favicons
 # https://rapidapi.com/realfavicongenerator/api/realfavicongenerator
 MASHAPE_API_KEY = 'your_MASHAPE_key'
 LOG_LOCATION = 'digimarks.log'
 #LOG_LOCATION = '/var/log/digimarks/digimarks.log'
 # How many logs to keep in log rotation:
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,28 +1,70 @@
 #
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile with Python 3.10
-# To update, run:
+# by the following command:
 #
-#    pip-compile --output-file requirements-dev.txt requirements-dev.in
+#    pip-compile requirements-dev.in
 #
-astroid==2.0.4            # via pylint
+astroid==2.15.6
-beautifulsoup4==4.6.3     # via bs4
+    # via pylint
 beautifulsoup4==4.12.2
    # via bs4
 blinker==1.6.2
    # via flask
 bs4==0.0.1
-certifi==2018.8.24        # via requests
+    # via -r requirements.in
-chardet==3.0.4            # via requests
+certifi==2023.7.22
-click==6.7                # via flask
+    # via requests
-flask==1.0.2
+charset-normalizer==3.2.0
-idna==2.7                 # via requests
+    # via requests
-isort==4.3.4              # via pylint
+click==8.1.6
-itsdangerous==0.24        # via flask
+    # via flask
-jinja2==2.10              # via flask
+dill==0.3.7
-lazy-object-proxy==1.3.1  # via astroid
+    # via pylint
-markupsafe==1.0           # via jinja2
+feedgen==0.9.0
-mccabe==0.6.1             # via pylint
+    # via -r requirements.in
-peewee==3.7.0
+flask==2.3.2
-pylint==2.1.1
+    # via -r requirements.in
-requests==2.19.1
+idna==3.4
-six==1.11.0               # via astroid
+    # via requests
-typed-ast==1.1.0          # via astroid
+isort==5.12.0
-urllib3==1.23             # via requests
+    # via pylint
-werkzeug==0.14.1          # via flask
+itsdangerous==2.1.2
-wrapt==1.10.11            # via astroid
+    # via flask
 jinja2==3.1.2
    # via flask
 lazy-object-proxy==1.9.0
    # via astroid
 lxml==4.9.3
    # via feedgen
 markupsafe==2.1.3
    # via
    #   jinja2
    #   werkzeug
 mccabe==0.7.0
    # via pylint
 peewee==3.16.2
    # via -r requirements.in
 platformdirs==3.9.1
    # via pylint
 pylint==2.17.5
    # via -r requirements-dev.in
 python-dateutil==2.8.2
    # via feedgen
 requests==2.31.0
    # via -r requirements.in
 six==1.16.0
    # via python-dateutil
 soupsieve==2.4.1
    # via beautifulsoup4
 tomli==2.0.1
    # via pylint
 tomlkit==0.11.8
    # via pylint
 typing-extensions==4.7.1
    # via astroid
 urllib3==2.0.4
    # via requests
 werkzeug==2.3.6
    # via flask
 wrapt==1.15.0
    # via astroid
--- a/requirements.in
+++ b/requirements.in
@@ -1,4 +1,10 @@
 # Core application
 flask
 peewee
 # Fetch title etc from links
 bs4
 requests
 # Generate (atom) feeds for tags and such
 feedgen
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,20 +1,48 @@
 #
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile with Python 3.10
-# To update, run:
+# by the following command:
 #
-#    pip-compile --output-file requirements.txt requirements.in
+#    pip-compile requirements.in
 #
-beautifulsoup4==4.6.3     # via bs4
+beautifulsoup4==4.12.2
    # via bs4
 blinker==1.6.2
    # via flask
 bs4==0.0.1
-certifi==2018.8.24        # via requests
+    # via -r requirements.in
-chardet==3.0.4            # via requests
+certifi==2023.7.22
-click==6.7                # via flask
+    # via requests
-flask==1.0.2
+charset-normalizer==3.2.0
-idna==2.7                 # via requests
+    # via requests
-itsdangerous==0.24        # via flask
+click==8.1.6
-jinja2==2.10              # via flask
+    # via flask
-markupsafe==1.0           # via jinja2
+feedgen==0.9.0
-peewee==3.7.0
+    # via -r requirements.in
-requests==2.19.1
+flask==2.3.2
-urllib3==1.23             # via requests
+    # via -r requirements.in
-werkzeug==0.14.1          # via flask
+idna==3.4
    # via requests
 itsdangerous==2.1.2
    # via flask
 jinja2==3.1.2
    # via flask
 lxml==4.9.3
    # via feedgen
 markupsafe==2.1.3
    # via
    #   jinja2
    #   werkzeug
 peewee==3.16.2
    # via -r requirements.in
 python-dateutil==2.8.2
    # via feedgen
 requests==2.31.0
    # via -r requirements.in
 six==1.16.0
    # via python-dateutil
 soupsieve==2.4.1
    # via beautifulsoup4
 urllib3==2.0.4
    # via requests
 werkzeug==2.3.6
    # via flask
Author	SHA1	Message	Date
Michiel Scholten	a4225829e3	certifi security update and more	2023-07-26 22:59:53 +02:00
Michiel Scholten	f3dff354fc	requests security update	2023-05-23 22:38:31 +02:00
Michiel Scholten	ca71fa66df	flask security update and more	2023-05-09 09:14:34 +02:00
Michiel Scholten	09ab5acf76	Security updates	2023-02-16 10:22:42 +01:00
Michiel Scholten	e90d35238a	Security updates	2022-12-09 11:51:50 +01:00
Michiel Scholten	3092f83c8b	Serve the search JS with the correct mimetype	2022-07-23 11:10:55 +02:00
Michiel Scholten	a27787e956	Dependency updates	2022-07-23 11:10:50 +02:00
Michiel Scholten	21800911db	Security: lxml; more updates	2022-07-13 18:45:34 +02:00
Michiel Scholten	20a3d9f838	Latest everything	2022-04-23 09:09:50 +02:00
Michiel Scholten	0ab3bd2263	Security: lxml; more updates	2021-12-13 21:28:43 +01:00
Michiel Scholten	32b074b859	Security: urllib3; more updates	2021-07-06 15:10:18 +02:00
Michiel Scholten	5789bbe006	Latest everything	2021-03-25 10:16:17 +01:00
Michiel Scholten	2ef7358ac7	Jinja2 security fix; new-style pip-tools requirements	2021-02-02 08:51:18 +01:00
Michiel Scholten	d1e590390c	lxml security update and more	2020-12-02 09:19:05 +01:00
Michiel Scholten	7a1bc11004	Replaced deprecated AtomFeed by feedgen; some dep updates	2020-07-28 14:52:44 +02:00
Michiel Scholten	315c664fcc	Document the RapidAPI (MashApe) key for favicons	2020-05-06 14:04:33 +02:00
Michiel Scholten	db5944cec4	Werkzeug 1.0 has deprecated the AtomFeed	2020-05-06 14:02:09 +02:00
Michiel Scholten	becb734d17	Merge pull request #19 from mnishig/doc-MASHAPE_API_KEY Add description for 'MASHAPE_API_KEY'	2020-05-06 13:56:57 +02:00
Michiel Scholten	64ee0856c5	(Security) bumps	2020-05-05 19:59:27 +02:00
Masahide Nishihama	6c2be3070e	add description 'MASHAPE_API_KEY'	2020-04-28 10:30:52 +09:00
Michiel Scholten	426c2eda68	RapidAPI all the things	2020-04-16 13:34:10 +02:00
Michiel Scholten	b0e53d4a85	Back to a version that actually works	2020-03-20 20:47:58 +01:00
Michiel Scholten	1f69d9e53f	Lots of updates	2020-03-20 20:44:28 +01:00
Michiel Scholten	fc27d9f186	Merge pull request #17 from aquatix/snyk-fix-e8cd4803e12d5fe482405c22b3c5b385 [Snyk] Security upgrade urllib3 from 1.25.3 to 1.25.8	2020-03-07 09:22:34 +01:00
snyk-bot	6341b384bf	fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-559452	2020-03-07 07:48:53 +00:00
Michiel Scholten	f698ebfe18	Security updates for Flask&Werkzeug, more version bumps	2019-08-12 19:27:49 +02:00
Michiel Scholten	9f736ffe82	Move to RapidAPI url for favicons API	2019-07-27 10:45:04 +02:00
Michiel Scholten	e1a45a21b5	urllib3 security update, more version bumps	2019-05-04 10:41:49 +02:00
Michiel Scholten	9492d26511	Security update for urllib3, more bumps	2019-04-19 21:08:49 +02:00
Michiel Scholten	f7762ebc7b	Updates, amongst which a security update for Jinja2	2019-04-10 12:07:14 +02:00
Michiel Scholten	1c4bc61494	Minor version bumps	2019-02-28 12:48:44 +01:00
Michiel Scholten	2a87e0aa1f	Dependency version bumps	2019-02-11 13:23:03 +01:00
Michiel Scholten	0a24c7d170	(Security) updates	2018-10-18 20:56:51 +02:00