Bringing in latest from upstream (#30)
* Remove py3.7 (pinterest#234)

* Remove py3.7

* Restore cache action

* Bump cryptography from 39.0.2 to 41.0.1 (pinterest#260)

Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.2 to 41.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@39.0.2...41.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump tox from 3.25.0 to 4.6.0 (pinterest#262)

Bumps [tox](https://github.com/tox-dev/tox) from 3.25.0 to 4.6.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@3.25.0...4.6.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump fakeredis from 1.7.5 to 2.14.1 (pinterest#263)

Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 1.7.5 to 2.14.1.
- [Release notes](https://github.com/cunla/fakeredis-py/releases)
- [Commits](cunla/fakeredis-py@v1.7.5...v2.14.1)

---
updated-dependencies:
- dependency-name: fakeredis
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flask from 2.1.2 to 2.3.2 (pinterest#250)

Bumps [flask](https://github.com/pallets/flask) from 2.1.2 to 2.3.2.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.1.2...2.3.2)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest from 7.1.2 to 7.3.1 (pinterest#243)

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.2 to 7.3.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@7.1.2...7.3.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump redis from 4.5.3 to 4.5.5 (pinterest#253)

Bump redis from 4.3.3 to 4.5.5

Bumps [redis](https://github.com/redis/redis-py) from 4.3.3 to 4.5.5.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v4.3.3...v4.5.5)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuru Shao <yshao@pinterest.com>

* Bump coverage from 6.4.1 to 7.2.7 (pinterest#267)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 7.2.7.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@6.4.1...7.2.7)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest-cov from 3.0.0 to 4.1.0 (pinterest#266)

Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.1.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v3.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/checkout from 3 to 4 (pinterest#282)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Snyk] Security upgrade cryptography from 41.0.1 to 41.0.4 (pinterest#284)

fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* Bump tox from 4.6.0 to 4.11.3 (pinterest#287)

Bumps [tox](https://github.com/tox-dev/tox) from 4.6.0 to 4.11.3.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.6.0...4.11.3)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump fakeredis from 2.14.1 to 2.20.0

Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.14.1 to 2.20.0.
- [Release notes](https://github.com/cunla/fakeredis-py/releases)
- [Commits](cunla/fakeredis-py@v2.14.1...v2.20.0)

---
updated-dependencies:
- dependency-name: fakeredis
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump redis from 4.5.5 to 5.0.1

Bumps [redis](https://github.com/redis/redis-py) from 4.5.5 to 5.0.1.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v4.5.5...v5.0.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Install deps from requirements.txt (pinterest#303)

* Prepare 1.6.1 release (pinterest#304)

* Prepare 1.6.1 release

* Update configs

* Fix dev requirements

* Bump version: 1.6.0 → 1.6.1 (pinterest#305)

* Use urllib.parse for quoting/unquoting plus instead of deprecated werkzeug.urls (pinterest#300)

Use urllib.parse for quoting/unquoting plus

werkzeug.urls.url_quote_plus and werkzeug.urls.url_unquote_plus were deprecated and are removed in 3.0.0 and newer versions.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Yuru Shao <yshao@pinterest.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devin Lundberg <devin60070@gmail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Yuping Li <ypli@ksu.edu>
Co-authored-by: vin01 <30344579+vin01@users.noreply.github.com>
7 people authored Dec 6, 2023
1 parent 35cb9d1 commit df4d813
Showing 11 changed files with 20 additions and 26 deletions.
6 changes: 0 additions & 6 deletions .bumpversion.cfg

This file was deleted.

1 change: 0 additions & 1 deletion .dockerignore
Expand Up @@ -6,7 +6,6 @@
CONTRIBUTING.rst
docker-compose.yml
Dockerfile
requirements.txt
tests.py
tox.ini

2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
python-version: ['3.8', '3.9', '3.10']

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
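Review bot: `uses: actions/checkout@v4` and the unchanged `uses: actions/setup-python@v4` below it reference mutable tags, so the code that runs in CI can change without any diff in this repository. Pin each action to a full commit SHA and keep the tag as a trailing comment; Dependabot can still propose bumps for SHA pins. The same `actions/checkout@v4` line in `.github/workflows/codeql-analysis.yml` deserves the same treatment.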
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -32,7 +32,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
3 changes: 2 additions & 1 deletion Dockerfile
Expand Up @@ -8,12 +8,13 @@ RUN groupadd -r snappass && \

WORKDIR $APP_DIR

COPY ["setup.py", "MANIFEST.in", "README.rst", "AUTHORS.rst", "$APP_DIR/"]
COPY ["setup.py", "requirements.txt", "MANIFEST.in", "README.rst", "AUTHORS.rst", "$APP_DIR/"]
COPY ["./snappass", "$APP_DIR/snappass"]

RUN python setup.py install && \
chown -R snappass $APP_DIR && \
chgrp -R snappass $APP_DIR
RUN pip install -r requirements.txt

USER snappass
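Review bot: the new `RUN pip install -r requirements.txt` comes after `RUN python setup.py install`, so the package is installed before the pinned versions are in place and the pins are applied on top as a second step. Install the pinned requirements first and the package afterwards, and pass `--no-cache-dir` so pip's download cache does not end up in the image layer. `python setup.py install` is also deprecated by setuptools; `pip install .` is the replacement.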

2 changes: 1 addition & 1 deletion README.rst
Expand Up @@ -47,7 +47,7 @@ Requirements
------------

* `Redis`_
* Python 3.7+
* Python 3.8+

.. _Redis: https://redis.io/

6 changes: 4 additions & 2 deletions dev-requirements.txt
@@ -1,7 +1,9 @@
coverage==7.2.7
fakeredis==2.14.1
fakeredis==2.20.0
flake8==6.0.0
freezegun==1.2.1
pytest==7.3.1
pytest-cov==4.1.0
tox==4.6.0
tox==4.11.3
bumpversion==0.6.0
wheel==0.42.0
4 changes: 2 additions & 2 deletions requirements.txt
@@ -1,7 +1,7 @@
cryptography==41.0.1
cryptography==41.0.4
Flask==2.3.2
itsdangerous==2.1.2
Jinja2==3.1.2
MarkupSafe==2.1.1
redis==4.5.5
redis==5.0.1
Werkzeug==2.3.3
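Review bot: the pins in this file (`cryptography==41.0.4`, `redis==5.0.1` and the rest) fix versions but not artifacts. Since the Dockerfile in this commit now installs from this file, consider adding a `--hash=sha256:<digest>` entry per requirement and installing with `--require-hashes`, so the image build rejects a package file that differs from the one that was reviewed. Hash mode requires every dependency, transitive ones included, to be listed with a hash.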
5 changes: 2 additions & 3 deletions setup.cfg
@@ -1,10 +1,9 @@
[bumpversion]
current_version = 1.6.0
current_version = 1.6.1
commit = True
tag = True
files = setup.py snappass/__init__.py
files = setup.py

[flake8]
show-source = True
max-line-length = 120
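Review bot: `files = setup.py` drops `snappass/__init__.py` from the list of files that bumpversion rewrites. If that module still carries a version string, the next bump will leave it at the old value; either confirm the string is gone from `snappass/__init__.py` or keep the file listed.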

5 changes: 2 additions & 3 deletions setup.py
Expand Up @@ -2,7 +2,7 @@

setup(
name='snappass',
version='1.6.0',
version='1.6.1',
description="It's like SnapChat... for Passwords.",
long_description=(open('README.rst').read() + '\n\n' +
open('AUTHORS.rst').read()),
Expand All @@ -18,7 +18,7 @@
],
},
include_package_data=True,
python_requires='>=3.7, <4',
python_requires='>=3.8, <4',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Intended Audience :: Developers',
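Review bot: `python_requires='>=3.8, <4'` admits every future 3.x release, while the CI matrix in this commit is `['3.8', '3.9', '3.10']`. Either add the newer interpreters to the matrix or narrow the upper bound to what is tested, so pip does not install the package on a Python version the test suite has never run on.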
Expand All @@ -27,7 +27,6 @@
'Operating System :: OS Independent',
'Programming Language :: Python',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.7',
'Programming Language :: Python :: 3.8',
'Programming Language :: Python :: 3.9',
'Programming Language :: Python :: 3.10',
10 changes: 5 additions & 5 deletions snappass/main.py
Expand Up @@ -7,8 +7,8 @@
from cryptography.fernet import Fernet
from flask import abort, Flask, render_template, request, jsonify
from redis.exceptions import ConnectionError
from werkzeug.urls import url_quote_plus
from werkzeug.urls import url_unquote_plus
from urllib.parse import quote_plus
from urllib.parse import unquote_plus
from distutils.util import strtobool

NO_SSL = bool(strtobool(os.environ.get('NO_SSL', 'False')))
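Review bot: `from distutils.util import strtobool` stays as context directly below the two imports replaced here. `distutils` is deprecated and was removed from the standard library in Python 3.12, which `python_requires='>=3.8, <4'` allows, so this module will fail at import on that version. A small local parser for the `NO_SSL` value would remove that dependency in the same commit that removes the deprecated Werkzeug one.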
Expand Down Expand Up @@ -176,7 +176,7 @@ def handle_password():
base_url = request.url_root.replace("http://", "https://")
if URL_PREFIX:
base_url = base_url + URL_PREFIX.strip("/") + "/"
link = base_url + url_quote_plus(token)
link = base_url + quote_plus(token)
if request.accept_mimetypes.accept_json and not request.accept_mimetypes.accept_html:
return jsonify(link=link, ttl=ttl)
else:
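Review bot: `link = base_url + quote_plus(token)` changes the encoder behind every generated link, yet none of the 11 changed files is a test. Add a test asserting that `unquote_plus(quote_plus(token)) == token` for a generated token and that the resulting link resolves, so any difference between the Werkzeug and `urllib.parse` escaping rules is caught before release.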
Expand All @@ -185,7 +185,7 @@ def handle_password():

@app.route('/<password_key>', methods=['GET'])
def preview_password(password_key):
password_key = url_unquote_plus(password_key)
password_key = unquote_plus(password_key)
if not password_exists(password_key):
return render_template('expired.html'), 404
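Review bot: in `preview_password`, `unquote_plus(password_key)` decodes a value that Flask has already percent-decoded when matching `<password_key>`. The second pass turns any literal `+` into a space and decodes any remaining `%xx` sequence, so a key containing either would no longer match what was stored. If keys can never contain `+` or `%`, say so in a comment next to the call; otherwise drop the extra decode here and in `show_password`.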

Expand All @@ -194,7 +194,7 @@ def preview_password(password_key):

@app.route('/<password_key>', methods=['POST'])
def show_password(password_key):
password_key = url_unquote_plus(password_key)
password_key = unquote_plus(password_key)
password = get_password(password_key)
if not password:
return render_template('expired.html'), 404