Skip to content

Commit

Permalink
Merge branch 'master' into dev
Browse files Browse the repository at this point in the history
  • Loading branch information
elliotwutingfeng authored Dec 2, 2023
2 parents b178976 + 974e864 commit 5918a0e
Show file tree
Hide file tree
Showing 7 changed files with 94 additions and 14 deletions.
60 changes: 60 additions & 0 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '37 3 * * 4'
push:
branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write

steps:
- name: "Checkout code"
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check without using the new GitHub Repos(which are public by default): https://github.blog/2023-07-24-github-repository-rules-are-now-generally-available/
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}

# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
publish_results: true

# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
with:
sarif_file: results.sarif
19 changes: 15 additions & 4 deletions HISTORY.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,23 @@
History
-------

3.5 (XXXX-XX-XX)
3.6 (2023-11-25)
++++++++++++++++
- String codec name is now 'idna2008' as overriding the system
codec 'idna' was not working.

- Fix regression to include tests in source distribution.

3.5 (2023-11-24)
++++++++++++++++

- Update to Unicode 15.1.0
- String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
- Fix typing error for codec encoding
- Remove 'setup.py' to complete migration to pyproject.toml
- "setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
- Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
- Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
Expand Down
2 changes: 1 addition & 1 deletion LICENSE.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
BSD 3-Clause License

Copyright (c) 2013-2022, Kim Davies and contributors.
Copyright (c) 2013-2023, Kim Davies and contributors.
All rights reserved.

Redistribution and use in source and binary forms, with or without
Expand Down
10 changes: 5 additions & 5 deletions README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ IDNA specification this conversion is not performed.
>>> idna.encode('Königsgäßchen', uts46=True, transitional=True)
'xn--knigsgsschen-lcb0w'
Implementors should use transitional processing with caution, only in
Implementers should use transitional processing with caution, only in
rare cases where conversion from legacy labels to current labels must be
performed (i.e. IDNA implementations that pre-date 2008). For typical
applications that just need to convert labels, transitional processing
Expand Down Expand Up @@ -155,8 +155,8 @@ and perform the required calculations to identify eligibility. There are
three main modes:

* ``idna-data make-libdata``. Generates ``idnadata.py`` and
``uts46data.py``, the pre-calculated lookup tables using for IDNA and
UTS 46 conversions. Implementors who wish to track this library against
``uts46data.py``, the pre-calculated lookup tables used for IDNA and
UTS 46 conversions. Implementers who wish to track this library against
a different Unicode version may use this tool to manually generate a
different version of the ``idnadata.py`` and ``uts46data.py`` files.

Expand All @@ -172,7 +172,7 @@ three main modes:

The tool accepts a number of arguments, described using ``idna-data
-h``. Most notably, the ``--version`` argument allows the specification
of the version of Unicode to use in computing the table data. For
of the version of Unicode to be used in computing the table data. For
example, ``idna-data --version 9.0.0 make-libdata`` will generate
library data against Unicode 9.0.0.

Expand All @@ -186,7 +186,7 @@ Additional Notes
* **Version support**. This library supports Python 3.5 and higher.
As this library serves as a low-level toolkit for a variety of
applications, many of which strive for broad compatibility with older
Python versions, there is no rush to remove older intepreter support.
Python versions, there is no rush to remove older interpreter support.
Removing support for older versions should be well justified in that the
maintenance burden has become too high.

Expand Down
14 changes: 11 additions & 3 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -1,11 +1,19 @@
# Security Policy

## Supported Versions

Security updates are applied only to the latest release.

## Reporting a Vulnerability
If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.

Please disclose it at our [security advisory](https://github.com/kjd/idna/security/advisories/new).
If you have discovered a security vulnerability in this project, please
report it privately. **Do not disclose it as a public issue.** This gives
us time to work with you to fix the issue before public exposure, reducing
the chance that the exploit will be used before a patch is released.

Please disclose your issue through Github's
[security advisory facility](https://github.com/kjd/idna/security/advisories/new).

This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base.
We will endeavor to prioritize review, remediation and disclosure of
vulnerabilites. However, be mindful that this project is maintained by a
team of volunteers who work on a best effort basis.
2 changes: 1 addition & 1 deletion idna/package_data.py
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
__version__ = '3.4'
__version__ = '3.6'

1 change: 1 addition & 0 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -43,3 +43,4 @@ dynamic = ["version"]

[tool.flit.sdist]
exclude = [".gitignore", ".github/"]
include = ["tests", "tools", "HISTORY.rst"]

0 comments on commit 5918a0e

Please sign in to comment.