python / blurb_it
`blurb add` over the internet
Home Page: https://blurb-it.herokuapp.com/
License: Apache License 2.0
For new contributors, it's not clear how blurb_it works.
It would be great if there is a "How it works" page explaining this.
Also clarify that this works for CPython only.
This page should be linked from the landing page.
Sample screenshots can be seen in: and additional info: https://discuss.python.org/t/blurb-it-is-now-available/528
I still see a field labeled `bpo-` on the "Blurb It!" form entry page. Presumably, this should be changed to `gh-issue-` and the output should be changed similarly.
It looks like blurb has been updated, but just not blurb_it yet.
#58 created to fix
<html><head><title>500 Internal Server Error</title></head><body>
<h1>500 Internal Server Error</h1>
Server got itself in trouble
</body></html>
Dependabot couldn't authenticate with https://pypi.python.org/simple/.
You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.
On the howto page (https://blurb-it.herokuapp.com/howto) there's a "sign in" link in the top right corner.
That leads to https://github.com/login/oauth/authorize?client_id=&scope=repo&redirect_uri=https:///add_blurb , which doesn't work
Links on other pages lead to https://github.com/login/oauth/authorize?client_id=Iv1.69e341975c50c540&scope=repo&redirect_uri=https://blurb-it.herokuapp.com/add_blurb instead (and work)
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1699
Message:
Python version 2.7.17 is now available on all supported Heroku stacks.
See Python Supported Runtimes for more information.
(I'm a bot) 🤖
Blurb_it is meant to be used for CPython only.
While it hasn't happened yet, it is quite possible for people to install blurb_it on other repos.
Perhaps blurb_it can be proactive and refuse to be installed on repos other than username/CPython. So if someone tries installing it elsewhere, just remove it.
Using this endpoint, we can remove a repo from installation: https://developer.github.com/v3/apps/installations/#remove-repository-from-installation
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1928
Message:
Python (CPython) 3.9.0 is now available on Heroku.
To read about what’s changed, see What’s New In Python 3.9.
The Python buildpack has recently migrated its assets to a new S3 bucket. As such apps will need to be using the latest version of the Python buildpack in order to use newly released Python versions.
For more information, see our page on Python Support.
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1833
Message:
Python (CPython) 3.8.5 is now available on Heroku.
For more information, see our page on Python Support.
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1722
Message:
New python runtimes Python 3.8.1, 3.7.6, 3.6.10 are now available on the platform.
Additionally, Pypy 2.7 and 3.6 version 7.2.0 are now also released to Beta on the platform.
For more information, see Python Supported Runtimes
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1679
Message:
Python 3.7.4 and 3.6.9 are now available on all stacks. See Heroku Python Support for more details.
The get-pip tool used by the Python Buildpack has also been updated.
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1830
Message:
Python (CPython) 3.8.4 is now available on Heroku.
For more information, see our page on Python Support.
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1888
Message:
Python (CPython) 3.8.6 is now available on Heroku.
For more information, see our page on Python Support.
(I'm a bot) 🤖
I have discussed with @Mariatta privately, and I was told to open a public issue, so here it is.
The view that launches blurb_it doesn't protect itself against CSRF attacks.
This means if I have a session on https://blurb-it.herokuapp.com/, and I visit, say, `attacker.com` which contains the following script:

```js
fetch("https://blurb-it.herokuapp.com/add_blurb", {
    "credentials": "include",
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded",
    },
    "body": "bpo_number=1&pr_number=1&section=Security&news_entry=yay",
    "method": "POST",
    "mode": "cors"
});
```

then a blurb would be silently created.
I guess that this is not critical, given it would be reviewed before it's merged into CPython, but still, that could make things strange for the victim who would have a blurb on their PR that they didn't create.
Mitigations would include:
`<input type="hidden">` in the form. Its value would be checked on POST and if the form and the session differ, the POST would be rejected. This requires code, but would be enough on itself.
`SameSite` attribute be `Lax`. This is discussed upstream in aiohttp & aiohttp-session: the option to pass a value for SameSite has been merged but not released yet in aiohttp and a ticket for making this available in aiohttp-session is opened. This would solve the problem on modern browsers, but old browsers would still be vulnerable. That being said, the target users of blurb_it most probably use modern browsers.
I was hoping to use the web blurb_it to write a NEWS entry for someone's PR that currently lacked one while reviewing it. Unfortunately I only appear to be able to grant it access to my own cpython fork rather than PR branches in other people's forks.
Obviously I can't grant it blanket write access to everything I have access to so I'm not sure there is anything that can be done about this. I'm just filing the issue as a "wouldn't it be nice if" idea.
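The two mitigations named in the CSRF report above (a per-session token carried in a hidden form field, and a `SameSite=Lax` session cookie), shown as an added standard-library example that is not blurb_it's own code. The `csrf_token` field name, the `session` cookie name and the plain-dict session are assumptions; the forged body is the one from the report.

```python
import hmac
import secrets
from html import escape
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

CSRF_FIELD = "csrf_token"  # hypothetical field name, not taken from blurb_it


def issue_csrf_token(session: dict) -> str:
    """Store a fresh random token in the server-side session and return it."""
    token = secrets.token_urlsafe(32)
    session[CSRF_FIELD] = token
    return token


def hidden_input(token: str) -> str:
    """Markup to embed in the add_blurb form so the browser posts the token back."""
    value = escape(token, quote=True)
    return f'<input type="hidden" name="{CSRF_FIELD}" value="{value}">'


def is_post_allowed(session: dict, raw_body: str) -> bool:
    """Accept the POST only if the form token equals the session token."""
    expected = session.get(CSRF_FIELD)
    submitted = parse_qs(raw_body).get(CSRF_FIELD, [""])[0]
    if not expected or not submitted:
        return False  # no token issued, or none sent: reject
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def session_cookie_header(session_id: str) -> str:
    """Second mitigation: mark the session cookie SameSite=Lax."""
    cookie = SimpleCookie()
    cookie["session"] = session_id  # cookie name is an assumption
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["secure"] = True
    cookie["session"]["httponly"] = True
    return cookie["session"].OutputString()


# Constructed input: the cross-site body from the report carries no token,
# because a page on another origin cannot read the victim's form or session.
FORGED_BODY = "bpo_number=1&pr_number=1&section=Security&news_entry=yay"
```

The token check holds on any browser, while `SameSite=Lax` depends on the browser honouring the attribute, which is the trade-off the report describes.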
There are instructions on how to install (and uninstall) it, but then what?
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1875
Message:
Python (CPython) 3.6.12 and 3.7.9 are now available on Heroku.
For more information, see our page on Python Support.
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1742
Message:
Python version 3.8.2 is now available on Heroku 16 and 18.
For more information, see our page on Python Support
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1821
Message:
Python (CPython) 3.6.11 and 3.7.8 are now available on Heroku.
For more information, see our page on Python Support.
(I'm a bot) 🤖
bedevere expects the news entry to be more than 30 characters (see python/bedevere#128 and python/bedevere#127)
It would be great if blurb-it checks that the news entry is more than 30 characters.
Hey,
I was planning to package this tool for the Debian repositories and for it to happen, the initial requirement is to make a release so that I can get the tar and convert it into a package.
Thus, requesting you to please make a release of the same.
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1880
Message:
Python (CPython) 3.5.10 is now available on Heroku.
Please note that after 2020-09-13 the upstream Python community will no longer be releasing new updates of Python 3.5, so all customers using Python 3.5 should update to Python 3.6 or newer as soon as possible, to ensure they continue to receive security updates after that point.
For more information, see our page on Python Support.
(I'm a bot) 🤖
For some reasons[1] my clone of cpython is not a repository on my user but on the https://github.com/chrysn-pull-requests, which is technically an organization.
I've gone through the initial setup steps of the blurb-it online app, and as part of that allowed it access to my repository https://github.com/chrysn-pull-requests/cpython, but after returning to https://blurb-it.herokuapp.com/, I still just see "Please install the blurb-it GitHub App, and enable it on your CPython repository." (Then when I follow the install link, GitHub shows it as already installed for chrysn-pull-requests and gives me a link to configure it).
Maybe this is just a recognition problem in the start page, and I can jump to the actual app with the right deep link?
[1] Irrelevant to this PR, but if curious: I dislike how GitHub mangles the terms "forking" and "creating a branch", and thus keep a separate group of repositories that I do not intend to fork, but just have branches on.
It would be nice if blurb_it could also add the `skip news` label for PRs where a `NEWS` item is not needed. For me, the missing `skip news` label is the most common reason why my CPython pull requests get the red cross.
The NEWS entry added by blurb-it does not contain a newline at the end of the file, which makes the Docs CI check fail since the addition of sphinx-lint in python/cpython#31097
See python/cpython#31266 :
Error: [1] ../Misc/NEWS.d/next/Documentation/2022-02-10-23-40-54.bpo-44953.ZvrfXw.rst:0: No newline at end of file (no-newline-at-end-of-file).
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1804
Message:
Python (CPython) 2.7.18, 3.5.9, 3.7.7 and 3.8.3 are now available on Heroku.
Additionally, PyPy 2.7 and 3.6 version 7.3.1 are now also released to Beta.
For more information, see our page on Python Support.
(I'm a bot) 🤖
There's a new Python runtime environment in Heroku. You might want to update the bot to use the new environment by editing the `runtime.txt` file.
See the changelog at https://devcenter.heroku.com/changelog-items/1698
Message:
Python version 3.7.5 is now available on all supported Heroku stacks.
In addition, support for new branch Python 3.8.0 was added.
See Python Supported Runtimes for more information.
(I'm a bot) 🤖