diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6f3c8134..7cf4a441 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,47 @@ Release notes ============= +### Version 5.7.0 + +- Upgrade Python version to 3.14 + https://github.com/aboutcode-org/dejacode/pull/465 + +- Update Django to version 6.x + https://github.com/aboutcode-org/dejacode/pull/466 + +- Fix parsing of str into timezone aware dates in reporting + https://github.com/aboutcode-org/dejacode/pull/461 + +- Set usage policy from license profile + https://github.com/aboutcode-org/dejacode/pull/463 + +- Add support for OpenDocument format in report export + https://github.com/aboutcode-org/dejacode/pull/478 + +- Form validation on permission protected fields + https://github.com/aboutcode-org/dejacode/pull/479 + +- Fix stream scan results data instead of silencing timeouts + https://github.com/aboutcode-org/dejacode/pull/481 + +- Fix upgrade RQ to fix a worker failure + https://github.com/aboutcode-org/dejacode/pull/483 + +- Replace plain-text DRF token with PBKDF2-hashed API token + https://github.com/aboutcode-org/dejacode/pull/484 + +- Fix rendering of the burger menu as offcanvas + https://github.com/aboutcode-org/dejacode/pull/486 + +- Add ability to revoke an API key from profile view + https://github.com/aboutcode-org/dejacode/pull/491 + +- Rework the pagination with per-model setting + https://github.com/aboutcode-org/dejacode/pull/494 + +- Add generic views for API key management in `aboutcode.api_auth` module + https://github.com/aboutcode-org/dejacode/pull/500 + ### Version 5.6.0 - feat: import vulnerability data from ScanCode.io @@ -12,10 +53,10 @@ Release notes - feat: add package_content PurlDB field on Package model https://github.com/aboutcode-org/dejacode/issues/434 -- fix: exclude qualifiers and subpath for PURL comparison in get_purldb_entries +- Fix exclude qualifiers and subpath for PURL comparison in get_purldb_entries https://github.com/aboutcode-org/dejacode/issues/453 -- fix: update the readthedocs.yml config to fix the build +- Fix update the readthedocs.yml config to fix the build https://github.com/aboutcode-org/dejacode/issues/447 - chore: upgrade Django and related libraries to latest version diff --git a/dejacode/__init__.py b/dejacode/__init__.py index 2c8a0f28..ace993dc 100644 --- a/dejacode/__init__.py +++ b/dejacode/__init__.py @@ -14,7 +14,7 @@ import git -VERSION = "5.6.0" +VERSION = "5.7.0" PROJECT_DIR = Path(__file__).resolve().parent ROOT_DIR = PROJECT_DIR.parent diff --git a/pyproject.toml b/pyproject.toml index 9d66e2af..87141327 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "dejacode" -version = "5.6.0" +version = "5.7.0" description = "Automate open source license compliance and ensure supply chain integrity" readme = "README.rst" requires-python = ">=3.14,<3.15" diff --git a/thirdparty/dist/jsonschema_specifications-2025.9.1-py3-none-any.whl.ABOUT b/thirdparty/dist/jsonschema_specifications-2025.9.1-py3-none-any.whl.ABOUT new file mode 100644 index 00000000..1b9603e1 --- /dev/null +++ b/thirdparty/dist/jsonschema_specifications-2025.9.1-py3-none-any.whl.ABOUT @@ -0,0 +1,38 @@ +about_resource: jsonschema_specifications-2025.9.1-py3-none-any.whl +name: jsonschema-specifications +version: 2025.9.1 +download_url: https://files.pythonhosted.org/packages/41/45/1a4ed80516f02155c51f51e8cedb3c1902296743db0bbc66608a0db2814f/jsonschema_specifications-2025.9.1-py3-none-any.whl +description: | + The JSON Schema meta-schemas and vocabularies, exposed as a Registry + ============================= + ``jsonschema-specifications`` + ============================= + + |PyPI| |Pythons| |CI| |ReadTheDocs| + + JSON support files from the `JSON Schema Specifications `_ (metaschemas, vocabularies, etc.), packaged for runtime access from Python as a `referencing-based Schema Registry `_. + + .. |PyPI| image:: https://img.shields.io/pypi/v/jsonschema-specifications.svg + :alt: PyPI version + :target: https://pypi.org/project/jsonschema-specifications/ + + .. |Pythons| image:: https://img.shields.io/pypi/pyversions/jsonschema-specifications.svg + :alt: Supported Python versions + :target: https://pypi.org/project/jsonschema-specifications/ + + .. |CI| image:: https://github.com/python-jsonschema/jsonschema-specifications/workflows/CI/badge.svg + :alt: Build status + :target: https://github.com/python-jsonschema/jsonschema-specifications/actions?query=workflow%3ACI + + .. |ReadTheDocs| image:: https://readthedocs.org/projects/jsonschema-specifications/badge/?version=stable&style=flat + :alt: ReadTheDocs status + :target: https://jsonschema-specifications.readthedocs.io/en/stable/ +package_url: pkg:pypi/jsonschema-specifications@2025.9.1 +license_expression: mit +copyright: Copyright jsonschema-specifications project contributors +attribute: yes +checksum_md5: 3bc19f16b4b7bf78e337a39664d3d7ac +licenses: + - key: mit + name: MIT License + file: mit.LICENSE diff --git a/thirdparty/dist/pydantic_core-2.41.5.tar.gz.ABOUT b/thirdparty/dist/pydantic_core-2.41.5.tar.gz.ABOUT new file mode 100644 index 00000000..c0e5a6eb --- /dev/null +++ b/thirdparty/dist/pydantic_core-2.41.5.tar.gz.ABOUT @@ -0,0 +1,159 @@ +about_resource: pydantic_core-2.41.5.tar.gz +name: pydantic-core +version: 2.41.5 +download_url: https://files.pythonhosted.org/packages/71/70/23b021c950c2addd24ec408e9ab05d59b035b39d97cdc1130e1bce647bb6/pydantic_core-2.41.5.tar.gz +description: | + Core functionality for Pydantic validation and serialization + # pydantic-core + + [![CI](https://github.com/pydantic/pydantic-core/workflows/ci/badge.svg?event=push)](https://github.com/pydantic/pydantic-core/actions?query=event%3Apush+branch%3Amain+workflow%3Aci) + [![Coverage](https://codecov.io/gh/pydantic/pydantic-core/branch/main/graph/badge.svg)](https://codecov.io/gh/pydantic/pydantic-core) + [![pypi](https://img.shields.io/pypi/v/pydantic-core.svg)](https://pypi.python.org/pypi/pydantic-core) + [![versions](https://img.shields.io/pypi/pyversions/pydantic-core.svg)](https://github.com/pydantic/pydantic-core) + [![license](https://img.shields.io/github/license/pydantic/pydantic-core.svg)](https://github.com/pydantic/pydantic-core/blob/main/LICENSE) + + This package provides the core functionality for [pydantic](https://docs.pydantic.dev) validation and serialization. + + Pydantic-core is currently around 17x faster than pydantic V1. + See [`tests/benchmarks/`](./tests/benchmarks/) for details. + + ## Example of direct usage + + _NOTE: You should not need to use pydantic-core directly; instead, use pydantic, which in turn uses pydantic-core._ + + ```py + from pydantic_core import SchemaValidator, ValidationError + + + v = SchemaValidator( + { + 'type': 'typed-dict', + 'fields': { + 'name': { + 'type': 'typed-dict-field', + 'schema': { + 'type': 'str', + }, + }, + 'age': { + 'type': 'typed-dict-field', + 'schema': { + 'type': 'int', + 'ge': 18, + }, + }, + 'is_developer': { + 'type': 'typed-dict-field', + 'schema': { + 'type': 'default', + 'schema': {'type': 'bool'}, + 'default': True, + }, + }, + }, + } + ) + + r1 = v.validate_python({'name': 'Samuel', 'age': 35}) + assert r1 == {'name': 'Samuel', 'age': 35, 'is_developer': True} + + # pydantic-core can also validate JSON directly + r2 = v.validate_json('{"name": "Samuel", "age": 35}') + assert r1 == r2 + + try: + v.validate_python({'name': 'Samuel', 'age': 11}) + except ValidationError as e: + print(e) + """ + 1 validation error for model + age + Input should be greater than or equal to 18 + [type=greater_than_equal, context={ge: 18}, input_value=11, input_type=int] + """ + ``` + + ## Getting Started + + ### Prerequisites + + You'll need: + 1. **[Rust](https://rustup.rs/)** - Rust stable (or nightly for coverage) + 2. **[uv](https://docs.astral.sh/uv/getting-started/installation/)** - Fast Python package manager (will install Python 3.9+ automatically) + 3. **[git](https://git-scm.com/)** - For version control + 4. **[make](https://www.gnu.org/software/make/)** - For running development commands (or use `nmake` on Windows) + + ### Quick Start + + ```bash + # Clone the repository (or from your fork) + git clone git@github.com:pydantic/pydantic-core.git + cd pydantic-core + + # Install all dependencies using uv, setup pre-commit hooks, and build the development version + make install + ``` + + Verify your installation by running: + + ```bash + make + ``` + + This runs a full development cycle: formatting, building, linting, and testing + + ### Development Commands + + Run `make help` to see all available commands, or use these common ones: + + ```bash + make build-dev # to build the package during development + make build-prod # to perform an optimised build for benchmarking + make test # to run the tests + make testcov # to run the tests and generate a coverage report + make lint # to run the linter + make format # to format python and rust code + make all # to run to run build-dev + format + lint + test + ``` + + ### Useful Resources + + * [`python/pydantic_core/_pydantic_core.pyi`](./python/pydantic_core/_pydantic_core.pyi) - Python API types + * [`python/pydantic_core/core_schema.py`](./python/pydantic_core/core_schema.py) - Core schema definitions + * [`tests/`](./tests) - Comprehensive usage examples + + ## Profiling + + It's possible to profile the code using the [`flamegraph` utility from `flamegraph-rs`](https://github.com/flamegraph-rs/flamegraph). (Tested on Linux.) You can install this with `cargo install flamegraph`. + + Run `make build-profiling` to install a release build with debugging symbols included (needed for profiling). + + Once that is built, you can profile pytest benchmarks with (e.g.): + + ```bash + flamegraph -- pytest tests/benchmarks/test_micro_benchmarks.py -k test_list_of_ints_core_py --benchmark-enable + ``` + The `flamegraph` command will produce an interactive SVG at `flamegraph.svg`. + + ## Releasing + + 1. Bump package version locally. Do not just edit `Cargo.toml` on Github, you need both `Cargo.toml` and `Cargo.lock` to be updated. + 2. Make a PR for the version bump and merge it. + 3. Go to https://github.com/pydantic/pydantic-core/releases and click "Draft a new release" + 4. In the "Choose a tag" dropdown enter the new tag `v` and select "Create new tag on publish" when the option appears. + 5. Enter the release title in the form "v " + 6. Click Generate release notes button + 7. Click Publish release + 8. Go to https://github.com/pydantic/pydantic-core/actions and ensure that all build for release are done successfully. + 9. Go to https://pypi.org/project/pydantic-core/ and ensure that the latest release is published. + 10. Done 🎉 +homepage_url: https://github.com/pydantic/pydantic-core +package_url: pkg:pypi/pydantic-core@2.41.5 +license_expression: mit +copyright: Copyright Samuel Colvin +attribute: yes +checksum_md5: 54a367c4549ec48a8b3a63d38e821506 +licenses: + - key: mit + name: MIT License + file: mit.LICENSE diff --git a/thirdparty/dist/typing_inspection-0.4.2-py3-none-any.whl.ABOUT b/thirdparty/dist/typing_inspection-0.4.2-py3-none-any.whl.ABOUT new file mode 100644 index 00000000..794e6edd --- /dev/null +++ b/thirdparty/dist/typing_inspection-0.4.2-py3-none-any.whl.ABOUT @@ -0,0 +1,38 @@ +about_resource: typing_inspection-0.4.2-py3-none-any.whl +name: typing-inspection +version: 0.4.2 +download_url: https://files.pythonhosted.org/packages/dc/9b/47798a6c91d8bdb567fe2698fe81e0c6b7cb7ef4d13da4114b41d239f65d/typing_inspection-0.4.2-py3-none-any.whl +description: | + Runtime typing introspection tools + # typing-inspection + + [![CI](https://img.shields.io/github/actions/workflow/status/pydantic/typing-inspection/ci.yml?branch=main&logo=github&label=CI)](https://github.com/pydantic/typing-inspection/actions?query=event%3Apush+branch%3Amain+workflow%3ACI) + [![Coverage](https://coverage-badge.samuelcolvin.workers.dev/pydantic/typing-inspection.svg)](https://coverage-badge.samuelcolvin.workers.dev/redirect/pydantic/typing-inspection) + [![PyPI](https://img.shields.io/pypi/v/typing-inspection.svg)](https://pypi.org/project/typing-inspection/) + [![Versions](https://img.shields.io/pypi/pyversions/typing-inspection.svg)](https://github.com/pydantic/typing-inspection) + [![License](https://img.shields.io/github/license/pydantic/typing-inspection.svg)](https://github.com/pydantic/typing-inspection/blob/main/LICENSE) + [![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff) + + `typing-inspection` provides tools to inspect type annotations at runtime. + + ## Installation + + From [PyPI](https://pypi.org/project/typing-inspection/): + + ```bash + pip install typing-inspection + ``` + + The library can be imported from the `typing_inspection` module. +package_url: pkg:pypi/typing-inspection@0.4.2 +license_expression: mit AND unknown-license-reference +copyright: Copyright typing-inspection project contributors +attribute: yes +checksum_md5: 245304d58de21f4f0bdd15f7ea4b0ea8 +licenses: + - key: mit + name: MIT License + file: mit.LICENSE + - key: unknown-license-reference + name: Unknown License file reference + file: unknown-license-reference.LICENSE