python / blurb_it Goto Github PK

For new contributors, it's not clear how blurb_it works.

It would be great if there is a "How it works" page explaining this.

1. Login to blurb_it
2. Install blurb_it to their fork of the repo
3. fill in the form

Also clarify that this works for CPython only.

This page should be linked from the landing page.

Sample screenshots can be seen in: and additional info: https://discuss.python.org/t/blurb-it-is-now-available/528

I still see a field labeled bpo-on the "Blurb It!" form entry page. Presumably, this should be changed to gh-issue- and the output should be changed similarly.

It looks like blurb has been updated, but just not blurb_it yet.

#58 created to fix

Dependabot couldn't authenticate with https://pypi.python.org/simple/.

You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.

View the update logs.

On the howto page (https://blurb-it.herokuapp.com/howto) there's a "sign in" link in the top right corner.

That leads to https://github.com/login/oauth/authorize?client_id=&scope=repo&redirect_uri=https:///add_blurb , which doesn't work

Links on other pages lead to https://github.com/login/oauth/authorize?client_id=Iv1.69e341975c50c540&scope=repo&redirect_uri=https://blurb-it.herokuapp.com/add_blurb instead (and work)

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1699
Message:
Python version 2.7.17 is now available on all supported Heroku stacks.

See Python Supported Runtimes for more information.

(I'm a bot) 🤖

Blurb_it is meant to be used for CPython only.
While it hasn't happened yet, it is quite possible for people to install blurb_it on other repos.

Perhaps blurb_it can be proactive and refuse to be installed on repos other than username/CPython. So if someone tries installing it elsewhere, just remove it.

Using this endpoint, we can remove a repo from installation: https://developer.github.com/v3/apps/installations/#remove-repository-from-installation

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1928
Message:
Python (CPython) 3.9.0 is now available on Heroku.

To read about what’s changed, see What’s New In Python 3.9 .

The Python buildpack has recently migrated its assets to a new S3 bucket. As such apps will need

to be using the latest version of the Python buildpack

in order to use newly released Python versions.

For more information, see our page on Python Support .

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1833
Message:
Python (CPython) 3.8.5 is now available on Heroku.

For more information, see our page on Python Support .

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1722
Message:
New python runtimes Python 3.8.1, 3.7.6, 3.6.10 are now available on the platform.

Additionally, Pypy 2.7 and 3.6 version 7.2.0 are now also released to Beta on the platform.

For more information, see Python Supported Runtimes

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1679
Message:
Python 3.7.4 and 3.6.9 are now available on all stacks. See Heroku Python Support for more details.

The get-pip tool used by the Python Buildpack has also been updated.

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1830
Message:
Python (CPython) 3.8.4 is now available on Heroku.

For more information, see our page on Python Support .

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1888
Message:
Python (CPython) 3.8.6 is now available on Heroku.

For more information, see our page on Python Support .

(I'm a bot) 🤖

I have discussed with @Mariatta privately, and I was told to open a public issue, so here it is.

The view that launches blurb_it doesn't protect itself against CSRF attacks.
This means if I have a session on https://blurb-it.herokuapp.com/, and I visit, say, attacker.com which contains the following script:

fetch("https://blurb-it.herokuapp.com/add_blurb", {
    "credentials": "include",
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded",
    },
    "body": "bpo_number=1&pr_number=1&section=Security&news_entry=yay",
    "method": "POST",
    "mode": "cors"
});

then a blurb would be silently created.

I guess that this it not critical, given it would be reviewed before it's merged into CPython but still, that could make things strange for the victim who would have a blurb on their PR that they didn't create.

Mitigations would include:

• Adding a CSRF token: a random string stored in the session, and added as <input type="hidden> in the form. It's value would be checked on POST and if the form and the session differ, the POST would be rejected. This requires code, but would be enough on itself.
• Making the aiohttp session cookie SameSite attribute be Lax. This is discussed upstream in aiohttp & aiohttp-session: the option to pass a value for SameSite has been merged but not released yet in aiohttp and a ticket for making this available in aiohttp-session is openned. This would solve the problem on modern browsers, but old browsers would still be vulnerable. That being said, the target users of blurb_it most probably use modern browsers.

I was hoping to use the we blurb_it to write a NEWS entry for someone's PR that currently lacked one while reviewing it. Unfortunately only appear to be able to grant it access to my own cpython fork rather than PR branches in other people's forks.

Obviously I can't grant it blanket write access to everything I have access to so I'm not sure there is anything that can be done about this. I'm just filing the issue to as a 🦄 "wouldn't it be nice if" 🦄 idea.

There are instructions on how to install (and uninstall) it, but then what?

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1875
Message:
Python (CPython) 3.6.12 and 3.7.9 are now available on Heroku.

For more information, see our page on Python Support .

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1742
Message:
Python version 3.8.2 are now available on Heroku 16 and 18.

For more information, see our page on Python Support

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1821
Message:
Python (CPython) 3.6.11 and 3.7.8 are now available on Heroku.

For more information, see our page on Python Support .

(I'm a bot) 🤖

bedevere expects the news entry to be more than 30 characters (see python/bedevere#128 and python/bedevere#127)

It would be great if blurb-it checks that the news entry is more than than 30 characters.

Hey,

I was planning to package this tool for the Debian repositories and for it to happen, the initial requirement is to make a release so that I can get the tar and convert it into a package.

Thus, requesting you to please make a release of the same.

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1880
Message:
Python (CPython) 3.5.10 is now available on Heroku.

Please note that after 2020-09-13 the upstream Python community will no longer be releasing new updates of Python 3.5 , so all customers using Python 3.5 should update to Python 3.6 or newer as soon as possible, to ensure they continue to receive security updates after that point.

For more information, see our page on Python Support .

(I'm a bot) 🤖

For some reasons¹ my clone of cpython is not a repository on my user but on the https://github.com/chrysn-pull-requests, which is technically an organization.

I've gone through the initial setup steps of the blurb-it online app, and as part of that allowed it access to my repository https://github.com/chrysn-pull-requests/cpython, but after returning to https://blurb-it.herokuapp.com/, I still just see "Please install the blurb-it GitHub App, and enable it on your CPython repository." (Then when I follow the install link, GitHub shows it as already installed for chrysn-pull-requests and gives me a link to configure it).

Maybe this is just a recognition problem in the start page, and I can jump to the actual app with the right deep link?

It would be nice if blurb_it could also add the skip news label for PRs where a NEWS item is not needed. For me, the missing skip news label is the most common reason why my CPython pull requests get the red cross.

The NEWS entry added by blurb-it does not contain a newline at the end of the file, which makes the Docs CI check fail since the addition of sphinx-lint in python/cpython#31097

See python/cpython#31266 :

Error: [1] ../Misc/NEWS.d/next/Documentation/2022-02-10-23-40-54.bpo-44953.ZvrfXw.rst:0: No newline at end of file (no-newline-at-end-of-file).

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1804
Message:
Python (CPython) 2.7.18, 3.5.9, 3.7.7 and 3.8.3 are now available on Heroku.

Additionally, PyPy 2.7 and 3.6 version 7.3.1 are now also released to Beta.

For more information, see our page on Python Support .

(I'm a bot) 🤖

There's a new Python runtime enviornment in Heroku. You might want to update the bot to use the new environment by editing the runtime.txt file.

See the changelog at https://devcenter.heroku.com/changelog-items/1698
Message:
Python version 3.7.5 is now available on all supported Heroku stacks.

In addition, support for new branch Python 3.8.0 was added.

See Python Supported Runtimes for more information.

(I'm a bot) 🤖