{"id": 295711504, "node_id": "MDExOlB1bGxSZXF1ZXN0Mjk1NzExNTA0", "number": 554, "state": "closed", "locked": 0, "title": "Fix static mounts using relative paths and prevent traversal exploits", "user": {"value": 3243482, "label": "abdusco"}, "body": "While debugging why my static mounts using a relative path (`--static mystatic:rel/path/to/dir`) not working, I noticed that the requests fail no matter what, returning 404 errors. \r\n\r\nThe reason is that datasette tries to prevent traversal exploits by checking if the path is relative to its registered directory. This check fails when the mount is a relative directory, because `/abs/dir/file` obviously not under `dir/file`. \r\n\r\nhttps://github.com/simonw/datasette/blob/81fa8b6cdc5457b42a224779e5291952314e8d20/datasette/utils/asgi.py#L303-L306\r\n\r\nThis also has the consequence of returning any requested file, because when `/abs/dir/../../evil.file` resolves `aiofiles` happily returns it to the client after it resolves the path itself. The solution is to make sure we're checking relativity of paths after they're fully resolved.\r\n\r\nI've implemented the mentioned changes and also updated the tests.", "created_at": "2019-07-09T11:32:02Z", "updated_at": "2019-07-11T16:29:26Z", "closed_at": "2019-07-11T16:13:19Z", "merged_at": "2019-07-11T16:13:19Z", "merge_commit_sha": "74ecf8a7cc45cabf369e510c7214f5ed85c8c6d8", "assignee": null, "milestone": null, "draft": 0, "head": "fa7ddea3ea6c9378bee7d5f5c93fe05d735a0afb", "base": "81fa8b6cdc5457b42a224779e5291952314e8d20", "author_association": "CONTRIBUTOR", "repo": {"value": 107914493, "label": "datasette"}, "url": "https://github.com/simonw/datasette/pull/554", "merged_by": null, "auto_merge": null} {"id": 295748268, "node_id": "MDExOlB1bGxSZXF1ZXN0Mjk1NzQ4MjY4", "number": 556, "state": "closed", "locked": 0, "title": "Add support for running datasette as a module", "user": {"value": 3243482, "label": "abdusco"}, "body": "This PR allows running datasette using `python -m datasette` command in addition to just running the executable.\r\n\r\nThis function is quite useful when debugging a plugin in a project because IDEs like PyCharm can easily start a debug session when datasette is run as a module in contrast to trying to attach a debugger to a running process.\r\n\r\n![image](https://user-images.githubusercontent.com/3243482/60890448-fc4ede80-a263-11e9-8b42-d2a3db8d1a59.png)\r\n", "created_at": "2019-07-09T13:13:30Z", "updated_at": "2019-07-11T16:07:45Z", "closed_at": "2019-07-11T16:07:44Z", "merged_at": "2019-07-11T16:07:44Z", "merge_commit_sha": "9ca860e54fe480d0a365c0c1d8d085926d12be1e", "assignee": null, "milestone": null, "draft": 0, "head": "056a7eac9480cb814d9c453b983e6b2b831e0ca1", "base": "81fa8b6cdc5457b42a224779e5291952314e8d20", "author_association": "CONTRIBUTOR", "repo": {"value": 107914493, "label": "datasette"}, "url": "https://github.com/simonw/datasette/pull/556", "merged_by": null, "auto_merge": null} {"id": 296735320, "node_id": "MDExOlB1bGxSZXF1ZXN0Mjk2NzM1MzIw", "number": 557, "state": "closed", "locked": 0, "title": "Get tests running on Windows using Travis CI", "user": {"value": 9599, "label": "simonw"}, "body": "Refs #511", "created_at": "2019-07-11T16:36:57Z", "updated_at": "2021-07-10T23:39:48Z", "closed_at": "2021-07-10T23:39:48Z", "merged_at": null, "merge_commit_sha": "cddb9a9fecfa25147d80df05f1a6d6e1686ca30d", "assignee": null, "milestone": null, "draft": 0, "head": "47b5ab43be87217c4e40ad93b8aa2e9639fa371f", "base": "f2006cca80040871439055ae6ccbc14e589bdf4b", "author_association": "OWNER", "repo": {"value": 107914493, "label": "datasette"}, "url": "https://github.com/simonw/datasette/pull/557", "merged_by": null, "auto_merge": null} {"id": 297243073, "node_id": "MDExOlB1bGxSZXF1ZXN0Mjk3MjQzMDcz", "number": 559, "state": "closed", "locked": 0, "title": "Bump to uvicorn 0.8.4", "user": {"value": 9599, "label": "simonw"}, "body": "https://github.com/encode/uvicorn/commits/0.8.4\r\n\r\nQuery strings will now be included in log files: https://github.com/encode/uvicorn/pull/384", "created_at": "2019-07-12T22:30:29Z", "updated_at": "2019-07-13T22:34:58Z", "closed_at": "2019-07-13T22:34:58Z", "merged_at": "2019-07-13T22:34:58Z", "merge_commit_sha": "d224ee2c98ac39c2c6e21a0ac0c62e5c3e1ccd11", "assignee": null, "milestone": null, "draft": 0, "head": "029e3d53634cc38690d5b56427a3c87851a61b09", "base": "f2006cca80040871439055ae6ccbc14e589bdf4b", "author_association": "OWNER", "repo": {"value": 107914493, "label": "datasette"}, "url": "https://github.com/simonw/datasette/pull/559", "merged_by": null, "auto_merge": null} {"id": 297412464, "node_id": "MDExOlB1bGxSZXF1ZXN0Mjk3NDEyNDY0", "number": 38, "state": "closed", "locked": 0, "title": "table.update() method", "user": {"value": 9599, "label": "simonw"}, "body": "Refs #35\r\n\r\nStill to do:\r\n\r\n- [x] Unit tests\r\n- [x] Switch to using `.get()`\r\n- [x] Better exceptions, plus unit tests for what happens if pk does not exist\r\n- [x] Documentation\r\n- [x] Ensure compound primary keys work properly\r\n- [x] `alter=True` support", "created_at": "2019-07-14T17:03:49Z", "updated_at": "2019-07-28T15:43:51Z", "closed_at": "2019-07-28T15:43:51Z", "merged_at": "2019-07-28T15:43:51Z", "merge_commit_sha": "0747dabb24b608e8524de4858ce50c60ba7e471b", "assignee": null, "milestone": null, "draft": 0, "head": "16d7008002b43cf47a973791da93e5cdd5913fc3", "base": "a6749cdf43229c4f7864c946496e9ac0141627d9", "author_association": "OWNER", "repo": {"value": 140912432, "label": "sqlite-utils"}, "url": "https://github.com/simonw/sqlite-utils/pull/38", "merged_by": null, "auto_merge": null} {"id": 297459797, "node_id": "MDExOlB1bGxSZXF1ZXN0Mjk3NDU5Nzk3", "number": 40, "state": "closed", "locked": 0, "title": ".get() method plus support for compound primary keys", "user": {"value": 9599, "label": "simonw"}, "body": "- [x] Tests for the `NotFoundError` exception\r\n- [x] Documentation for `.get()` method\r\n- [x] Support `--pk` multiple times to define CLI compound primary keys\r\n- [x] Documentation for compound primary keys", "created_at": "2019-07-15T03:43:13Z", "updated_at": "2019-07-15T04:28:57Z", "closed_at": "2019-07-15T04:28:52Z", "merged_at": "2019-07-15T04:28:52Z", "merge_commit_sha": "c65b67ca46f70e2da46a5b945f4ed358173262e9", "assignee": null, "milestone": null, "draft": 0, "head": "b5a5df6d0ed47f33f6e1b4873948ead9a7c71060", "base": "65b2156d9cc0aa6b5c3dc7a6bd600d98b281a13b", "author_association": "OWNER", "repo": {"value": 140912432, "label": "sqlite-utils"}, "url": "https://github.com/simonw/sqlite-utils/pull/40", "merged_by": null, "auto_merge": null} {"id": 298962551, "node_id": "MDExOlB1bGxSZXF1ZXN0Mjk4OTYyNTUx", "number": 561, "state": "closed", "locked": 0, "title": "Fix typos", "user": {"value": 15278512, "label": "minho42"}, "body": "", "created_at": "2019-07-18T15:13:35Z", "updated_at": "2019-07-26T10:25:45Z", "closed_at": "2019-07-26T10:25:45Z", "merged_at": "2019-07-26T10:25:45Z", "merge_commit_sha": "27cb29365c9f5f6f1492968d1268497193ed75a2", "assignee": null, "milestone": null, "draft": 0, "head": "41341195075adc5093d33633d980657ecdac043c", "base": "a9453c4dda70bbf5122835e68f63db6ecbe1a6fc", "author_association": "CONTRIBUTOR", "repo": {"value": 107914493, "label": "datasette"}, "url": "https://github.com/simonw/datasette/pull/561", "merged_by": null, "auto_merge": null} {"id": 300286535, "node_id": "MDExOlB1bGxSZXF1ZXN0MzAwMjg2NTM1", "number": 45, "state": "closed", "locked": 0, "title": "Implemented table.lookup(...), closes #44", "user": {"value": 9599, "label": "simonw"}, "body": "", "created_at": "2019-07-23T13:03:30Z", "updated_at": "2019-07-23T13:07:00Z", "closed_at": "2019-07-23T13:07:00Z", "merged_at": "2019-07-23T13:07:00Z", "merge_commit_sha": "580502431614d3653c93249988290265f3163d4b", "assignee": null, "milestone": null, "draft": 0, "head": "c0852ce018425450d6c040040f32729d41ff635c", "base": "f3a4c3d3ee6475a6caf3c9606656dbaf1df020b7", "author_association": "OWNER", "repo": {"value": 140912432, "label": "sqlite-utils"}, "url": "https://github.com/simonw/sqlite-utils/pull/45", "merged_by": null, "auto_merge": null} {"id": 300377599, "node_id": "MDExOlB1bGxSZXF1ZXN0MzAwMzc3NTk5", "number": 47, "state": "closed", "locked": 0, "title": "extracts= table parameter", "user": {"value": 9599, "label": "simonw"}, "body": "Still needs docs. Refs #46", "created_at": "2019-07-23T16:30:29Z", "updated_at": "2019-07-23T17:00:43Z", "closed_at": "2019-07-23T17:00:43Z", "merged_at": "2019-07-23T17:00:43Z", "merge_commit_sha": "941d281aee6eac20ad64b505511da7e47f697700", "assignee": null, "milestone": null, "draft": 0, "head": "1c9d08f75a48b2a3770f2a880462dc8b195289b7", "base": "e22cfcd953f967f6e9551b3a048d7c40726f349b", "author_association": "OWNER", "repo": {"value": 140912432, "label": "sqlite-utils"}, "url": "https://github.com/simonw/sqlite-utils/pull/47", "merged_by": null, "auto_merge": null} {"id": 300580221, "node_id": "MDExOlB1bGxSZXF1ZXN0MzAwNTgwMjIx", "number": 8, "state": "closed", "locked": 0, "title": "Use less RAM", "user": {"value": 9599, "label": "simonw"}, "body": "Closes #7", "created_at": "2019-07-24T06:35:01Z", "updated_at": "2019-07-24T06:35:52Z", "closed_at": "2019-07-24T06:35:52Z", "merged_at": "2019-07-24T06:35:52Z", "merge_commit_sha": "c8392df78ee3e1643d18b747a4abf585d84d5d88", "assignee": null, "milestone": null, "draft": 0, "head": "6261500b01274a739176480774e82b31f2926e7f", "base": "5d7e14d40d5a4cfd133ca5faa442312f607784c5", "author_association": "MEMBER", "repo": {"value": 197882382, "label": "healthkit-to-sqlite"}, "url": "https://github.com/dogsheep/healthkit-to-sqlite/pull/8", "merged_by": null, "auto_merge": null} {"id": 301483613, "node_id": "MDExOlB1bGxSZXF1ZXN0MzAxNDgzNjEz", "number": 564, "state": "open", "locked": 0, "title": "First proof-of-concept of Datasette Library", "user": {"value": 9599, "label": "simonw"}, "body": "Refs #417. Run it like this:\r\n\r\n datasette -d ~/Library\r\n\r\nUses a new plugin hook - available_databases()\r\n", "created_at": "2019-07-26T10:22:26Z", "updated_at": "2023-02-07T15:14:11Z", "closed_at": null, "merged_at": null, "merge_commit_sha": "4f425d2b39d1be10d7ef5c146480a3eb494d5086", "assignee": null, "milestone": null, "draft": 1, "head": "947645d84710677ea50762016081a9fbc6b014a8", "base": "a9453c4dda70bbf5122835e68f63db6ecbe1a6fc", "author_association": "OWNER", "repo": {"value": 107914493, "label": "datasette"}, "url": "https://github.com/simonw/datasette/pull/564", "merged_by": null, "auto_merge": null} {"id": 301824097, "node_id": "MDExOlB1bGxSZXF1ZXN0MzAxODI0MDk3", "number": 51, "state": "closed", "locked": 0, "title": "Fix for too many SQL variables, closes #50", "user": {"value": 9599, "label": "simonw"}, "body": "", "created_at": "2019-07-28T11:30:30Z", "updated_at": "2019-07-28T11:59:32Z", "closed_at": "2019-07-28T11:59:32Z", "merged_at": "2019-07-28T11:59:32Z", "merge_commit_sha": "9cb045284ede8009c12abdb1755b5b20f6ccff5f", "assignee": null, "milestone": null, "draft": 0, "head": "0c1b8b7f96be874bb63801f69323960f277aa49a", "base": "9b7be79c86b4283f24a64f62257c918f12542997", "author_association": "OWNER", "repo": {"value": 140912432, "label": "sqlite-utils"}, "url": "https://github.com/simonw/sqlite-utils/pull/51", "merged_by": null, "auto_merge": null} {"id": 303990683, "node_id": "MDExOlB1bGxSZXF1ZXN0MzAzOTkwNjgz", "number": 53, "state": "closed", "locked": 0, "title": "Work in progress: m2m() method for creating many-to-many records", "user": {"value": 9599, "label": "simonw"}, "body": "- [x] `table.insert({\"name\": \"Barry\"}).m2m(\"tags\", lookup={\"tag\": \"Coworker\"})`\r\n- [x] Explicit table name `.m2m(\"humans\", ..., m2m_table=\"relationships\")`\r\n- [x] Automatically use an existing m2m table if a single obvious candidate exists (a table with two foreign keys in the correct directions)\r\n- [x] Require the explicit `m2m_table=` argument if multiple candidates for the m2m table exist\r\n- [x] Documentation\r\n\r\nRefs #23", "created_at": "2019-08-03T10:03:56Z", "updated_at": "2019-08-04T03:38:10Z", "closed_at": "2019-08-04T03:37:33Z", "merged_at": "2019-08-04T03:37:33Z", "merge_commit_sha": "4c0912dbf27b12071aca9569bcf7233e60f91c7c", "assignee": null, "milestone": null, "draft": 0, "head": "243bcaa1acd32a173c07b24dca553991493005a0", "base": "e1021030dd2d8d4705ad0e7bae389eeaea7fa17b", "author_association": "OWNER", "repo": {"value": 140912432, "label": "sqlite-utils"}, "url": "https://github.com/simonw/sqlite-utils/pull/53", "merged_by": null, "auto_merge": null} {"id": 308292447, "node_id": "MDExOlB1bGxSZXF1ZXN0MzA4MjkyNDQ3", "number": 55, "state": "closed", "locked": 0, "title": "Ability to introspect and run queries against views", "user": {"value": 9599, "label": "simonw"}, "body": "See #54 ", "created_at": "2019-08-17T13:40:56Z", "updated_at": "2019-08-23T12:19:42Z", "closed_at": "2019-08-23T12:19:42Z", "merged_at": "2019-08-23T12:19:42Z", "merge_commit_sha": "9faa98222669723d31e918bb16a42c13c363817f", "assignee": null, "milestone": null, "draft": 0, "head": "4441d6d838fd7518ce715184361f549a04ec8b70", "base": "0e7b461eb3e925aef713206c15794ceae9259c57", "author_association": "OWNER", "repo": {"value": 140912432, "label": "sqlite-utils"}, "url": "https://github.com/simonw/sqlite-utils/pull/55", "merged_by": null, "auto_merge": null} {"id": 313007483, "node_id": "MDExOlB1bGxSZXF1ZXN0MzEzMDA3NDgz", "number": 56, "state": "closed", "locked": 0, "title": "Escape the table name in populate_fts and search.", "user": {"value": 49260, "label": "amjith"}, "body": "The table names weren't escaped using double quotes in the populate_fts method. \r\n\r\nReproducible case: \r\n```\r\n>>> import sqlite_utils\r\n>>> db = sqlite_utils.Database(\"abc.db\")\r\n>>> db[\"http://example.com\"].insert_all([\r\n... {\"id\": 1, \"age\": 4, \"name\": \"Cleo\"},\r\n... {\"id\": 2, \"age\": 2, \"name\": \"Pancakes\"}\r\n... ], pk=\"id\")\r\n
b85283e
release version 2.11.13d5bfc6
Merge pull request #1143 from pallets/bugfix/attribute-accessd61c1ea
add changelog15d7e61
Added regression test for slicing of attributes05dee9b
Fix attribute access in async code. Fixes #1141bbdafe3
release version 2.11.09ff27f6
add python 3.8 classifier, clean up changelogd312609
isolate bytecode cache tests9849979
import Markup from markupsafe, fix flake8 import warningsc6d864c
increment bytecode cache version9a2141e
0.5.0479b7ee
Update README6c247a2
Modernize testseec75d3
Switch to async def wherever possible786c3e9
Prepare for 3.81451075
Update README.rst5db1e38
Add several async os functionsa60f19b
Add async remove function9cf2ac8
Merge pull request #53 from graingert/patch-1b88912c
all should be a List[str]3d6e7b4
v1.3.0 - support additive merging of Counter
types56a258a
v1.2.1 - tidy docs and variable names61ab213
v1.2.0 - support both TYPESAFE_REPLACE and TYPESAFE_ADDITIVE merge strategies...b331bb5
cleanup Makefile6f577bf
officially label support for python3.884faf37
use pipenv for managing dev dependencies3a8761a
Update README.md1026c39
0.11.0ab2b140
Test on Python 3.8, drop 3.3 and 3.46397a22
plugin: Use pytest 5.4.0 new Function API21a0f94
Replace yield_fixture() by fixture()964b295
Added min hypothesis version so that bugfix for https://github.com/Hypothesis...4a11a20
Add max supported pytest version to < 5.4.0 to prevent fails until #141 is fi...b305594
Change event_loop to module scope in hypothesis tests, fixing #145.d5a0f47
Enable test_subprocess to be run on win, by changing to ProactorEventLoop in ...d07cd2d
Fix required pytest version86cd9a6
Handle BaseExceptions from loop.run_until_complete (#126)Sourced from janus's changelog.
\n\n\n0.5.0 (2020-04-23)
\n\n
\n- Remove explicit loop arguments and forbid creating queues outside event loops #246
\n0.4.0 (2018-07-28)
\n\n
\n- Add
\npy.typed
macro #89- Drop python 3.4 support and fix minimal version python3.5.3 #88
\n- Add property with that indicates if queue is closed #86
\n0.3.2 (2018-07-06)
\n\n
\n- Fixed python 3.7 support #97
\n0.3.1 (2018-01-30)
\n\n
\n- Fixed bug with join() in case tasks are added by sync_q.put() #75
\n0.3.0 (2017-02-21)
\n\n
\n- Expose unfinished_tasks property #34
\n0.2.4 (2016-12-05)
\n\n
\n- Restore tarball deploying
\n0.2.3 (2016-07-12)
\n\n
\n- Fix exception type
\n0.2.2 (2016-07-11)
\n\n
\n- Update asyncio.async() to use asyncio.ensure_future() #6
\n0.2.1 (2016-03-24)
\n\n
\n- Fix python setup.py test command #4
\n0.2.0 (2015-09-20)
\n ... (truncated)\n
8e89b45
Bump to 0.5.0ec8592b
Fix up Python 3.8 loop argument warnings (#246)2543af6
Bump coverage from 5.0.4 to 5.103d1b36
Bump tox from 3.14.5 to 3.14.68219c38
Bump coverage from 5.0.3 to 5.0.485ec71d
Bump pytest from 5.4.0 to 5.4.13b974c9
Bump pytest from 5.3.5 to 5.4.0282dc12
Bump mypy from 0.761 to 0.7701364fb3
Bump tox from 3.14.4 to 3.14.5dc519bb
Bump tox from 3.14.3 to 3.14.4b8e2a45
0.12.006580c6
Update changelogb45de23
Fixed failing test case, 'test_asyncio_marker_without_loop'.238cced
Put event_loop first among the fixtures of asyncio tests, fixes #154.e5e3dc7
Added unittests for issue #154.a7e5795
0.12.0 open for business!1026c39
0.11.0ab2b140
Test on Python 3.8, drop 3.3 and 3.46397a22
plugin: Use pytest 5.4.0 new Function API21a0f94
Replace yield_fixture() by fixture()53f3da7
Prepare for releasee99569d
A line is added to the changelog.4099b63
One import is not needed68513b3
Clarify names and comments, according to yanlend comments 26 May907e8f2
FIX new test_cases on python 3.5 & 3.651d986c
To solve test cases that fail:f97e900
1) Test case (test_async_fixtures_with_finalizer) refactoring to pass on pyth...c1131f8
1) A new test case that fails with 0.12.0, and pass with this commit.7a255bc
0.13.0 open for businessb8e2a45
0.12.0