diff --git a/Dockerfile b/Dockerfile
index 36d75b5..834393e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
# syntax = docker/dockerfile:1.4
-FROM python:3.10 AS compile-stage
+FROM python:3.13.0a4-slim AS compile-stage
RUN --mount=type=cache,target=/var/cache/apt \
apt update && \
apt install -y --no-install-recommends \
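Review bot: The new base image `python:3.13.0a4-slim` on the `FROM` line is an alpha pre-release, while the lock files regenerated in this same commit say they were compiled "with Python 3.9". The pinned set was therefore not resolved for the interpreter the image runs. Compiled dependencies pinned in requirements/main.txt (numpy, pandas, lxml, pydantic-core) may have no wheels for a 3.13 alpha and would have to build from source on a slim image. A stable release that matches the interpreter used for pip-compile, pinned by digest, makes the build reproducible: `FROM python:<stable-version>-slim@sha256:<digest> AS compile-stage`. The `RUN` instruction continues outside the hunk.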
@@ -19,3 +19,4 @@ RUN --mount=type=cache,target=/root/.cache \
FROM compile-stage AS tests-stage
+USER nobody
\ No newline at end of file
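Review bot: `USER nobody` is added only to `tests-stage`, so it drops privileges for the test run alone. Any stage that serves the application is outside this hunk and would keep whatever user `compile-stage` leaves active, presumably root, so it needs its own `USER` line. The shared `nobody` account also has no writable home, which may break tests that write cache or coverage files. A dedicated account with a fixed UID avoids both problems, e.g. `RUN useradd --system --uid 10001 app` followed by `USER 10001`. The file still ends without a trailing newline.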
diff --git a/Taskfile.yaml b/Taskfile.yaml
index 290efab..08fdfec 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -68,7 +68,7 @@ tasks:
- docker compose run --rm web python pythonie/manage.py migrate
django:collect-static:
- desc: Make migrations
+ desc: Make static resources
cmds:
- docker compose run --rm web python pythonie/manage.py collectstatic
diff --git a/pythonie/core/templates/base.html b/pythonie/core/templates/base.html
index a989652..b2c1a8a 100644
--- a/pythonie/core/templates/base.html
+++ b/pythonie/core/templates/base.html
@@ -17,7 +17,8 @@
-
+
@@ -56,7 +57,10 @@
{% endcompress %}
{% block basejs %}
-
+
+
diff --git a/pythonie/meetups/test_meetups.py b/pythonie/meetups/test_meetups.py
index 9ee50d9..cbcda36 100644
--- a/pythonie/meetups/test_meetups.py
+++ b/pythonie/meetups/test_meetups.py
@@ -10,9 +10,9 @@
description = (
"
We will be having a meetup in June. More details to follow."
"
If you are interested in speaking, please submit your "
- 'details to\xa0'
- ''
- "http://bit.ly/pyie-cfp-2015.
Enquiries? Please "
+ 'details to\xa0'
+ ''
+ "https://bit.ly/pyie-cfp-2015.
Enquiries? Please "
"contact contact@python.ie.
"
)
@@ -60,7 +60,7 @@ def _first_result(self):
"description": description,
"name": "Python Ireland meetup",
"event_url": (
- "http://www.meetup.com/pythonireland/" "events/221078098/"
+ "https://www.meetup.com/pythonireland/" "events/221078098/"
),
"headcount": 0,
"time": 1433957400000,
@@ -123,7 +123,7 @@ def test_update_first_run(self, mock_get_content):
self.assertEqual(meetup.visibility, "public")
self.assertEqual(
meetup.event_url,
- ("http://www.meetup.com/" "pythonireland/events/221078098/"),
+ ("https://www.meetup.com/" "pythonireland/events/221078098/"),
)
@patch("meetups.utils.get_content")
diff --git a/pythonie/pythonie/settings/dev.py b/pythonie/pythonie/settings/dev.py
index acc5db5..ab13d7d 100644
--- a/pythonie/pythonie/settings/dev.py
+++ b/pythonie/pythonie/settings/dev.py
@@ -4,7 +4,7 @@
DEBUG = True
-SECRET_KEY = "1185a082-7e72-449e-bf43-12d2da59222b" # Just for dev
+SECRET_KEY = "1185a082-7e72-449e-bf43-12d2da59222b" # just for dev #nosec B105
MEETUP_KEY = "" # Put your own key here.
# See https://secure.meetup.com/meetup_api/key/
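Review bot: The `#nosec B105` marker silences Bandit for a literal `SECRET_KEY` that stays committed to the repository, and the same value and suppression are repeated in pythonie/pythonie/settings/tests.py. The production settings are not visible here, so it is worth confirming that they read the key from the environment and fail when it is missing rather than inheriting this one. The two files also order the comments differently. Using one form in both, such as `# nosec B105  # dev/test only, never used in production`, keeps the suppression easy to grep and audit.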
diff --git a/pythonie/pythonie/settings/tests.py b/pythonie/pythonie/settings/tests.py
index aa6c9cb..bc89219 100644
--- a/pythonie/pythonie/settings/tests.py
+++ b/pythonie/pythonie/settings/tests.py
@@ -4,7 +4,7 @@
DEBUG = True
-SECRET_KEY = "1185a082-7e72-449e-bf43-12d2da59222b" # Just for dev
+SECRET_KEY = "1185a082-7e72-449e-bf43-12d2da59222b" #nosec B105 # Just for dev
MEETUP_KEY = "" # Put your own key here.
# See https://secure.meetup.com/meetup_api/key/
diff --git a/pythonie/speakers/management/commands/import-sessionize.py b/pythonie/speakers/management/commands/import-sessionize.py
index fb1daf4..6e5c4bd 100644
--- a/pythonie/speakers/management/commands/import-sessionize.py
+++ b/pythonie/speakers/management/commands/import-sessionize.py
@@ -4,7 +4,6 @@
import numpy as np
import pandas as pd
from django.core.management.base import BaseCommand, CommandParser
-from django.utils.text import slugify
from wagtail.core.models import Page
from speakers.models import Speaker, Room, Session
diff --git a/pythonie/speakers/management/commands/update-sessionize-json-stream.py b/pythonie/speakers/management/commands/update-sessionize-json-stream.py
index 6ba3624..d21d7fc 100644
--- a/pythonie/speakers/management/commands/update-sessionize-json-stream.py
+++ b/pythonie/speakers/management/commands/update-sessionize-json-stream.py
@@ -51,7 +51,7 @@ class SessionizeModel(pydantic.BaseModel):
class Command(BaseCommand):
def handle(self, *args, **kwargs):
- response = requests.get("https://sessionize.com/api/v2/z66z4kb6/view/All")
+ response = requests.get("https://sessionize.com/api/v2/z66z4kb6/view/All", timeout=500)
sessionize: SessionizeModel = SessionizeModel.parse_obj(response.json())
rooms = {}
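Review bot: `timeout=500` on the `requests.get` call still lets the command stall for more than eight minutes, because requests applies the value separately to the connect and to each read rather than to the whole request; a tuple such as `timeout=(5, 30)` bounds both. The response also goes straight to `response.json()` with no status check, so an error page from the API surfaces as a JSON or validation error; `response.raise_for_status()` before parsing makes the failure explicit. Separately, requirements/main.txt in this commit moves pydantic to 2.6.4, where `parse_obj` is deprecated in favour of `SessionizeModel.model_validate(...)`. The body of `handle` continues outside the hunk.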
diff --git a/pythonie/speakers/templates/speakers/session.html b/pythonie/speakers/templates/speakers/session.html
index a643438..720d01c 100644
--- a/pythonie/speakers/templates/speakers/session.html
+++ b/pythonie/speakers/templates/speakers/session.html
@@ -27,7 +27,7 @@ {{ self.name }}
{{ speaker.name }}
- {{ speaker.biography|safe }}
+ {{ speaker.biography }}
|
{% endfor %}
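Review bot: With `|safe` removed, `speaker.biography` is auto-escaped, which closes the markup-injection path for imported biographies, but multi-paragraph text will now collapse into a single run. `{{ speaker.biography|linebreaks }}` still escapes under autoescape and restores the paragraph breaks. Other fields this template renders from the same imported data lie outside the hunk and are worth checking for remaining `|safe` uses.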
diff --git a/requirements/dev.in b/requirements/dev.in
index f80f762..d7d64a5 100644
--- a/requirements/dev.in
+++ b/requirements/dev.in
@@ -1,10 +1,12 @@
# dev.in
-c main.txt
+bandit
black
coverage
+django-debug-toolbar
fakeredis
flake8
isort
model-mommy
-pipdeptree
-django-debug-toolbar
\ No newline at end of file
+pip-tools
+pipdeptree
\ No newline at end of file
diff --git a/requirements/dev.txt b/requirements/dev.txt
index f5a7548..ebdac43 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -1,62 +1,116 @@
-asgiref==3.6.0
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+# pip-compile dev.in
+#
+asgiref==3.8.1
# via
- # -c requirements/main.txt
+ # -c main.txt
# django
-async-timeout==4.0.2
+async-timeout==4.0.3
# via
- # -c requirements/main.txt
+ # -c main.txt
# redis
-black==23.3.0
- # via -r requirements/dev.in
-click==8.1.3
- # via black
-coverage==7.2.2
- # via -r requirements/dev.in
-django==3.2.18
+bandit==1.7.8
+ # via -r dev.in
+black==24.3.0
+ # via -r dev.in
+build==1.1.1
+ # via pip-tools
+click==8.1.7
+ # via
+ # black
+ # pip-tools
+coverage==7.4.4
+ # via -r dev.in
+django==3.2.25
# via
- # -c requirements/main.txt
+ # -c main.txt
# django-debug-toolbar
# model-mommy
-django-debug-toolbar==3.8.1
- # via -r requirements/dev.in
-fakeredis==2.10.2
- # via -r requirements/dev.in
-flake8==6.0.0
- # via -r requirements/dev.in
-isort==5.12.0
- # via -r requirements/dev.in
+django-debug-toolbar==4.3.0
+ # via -r dev.in
+fakeredis==2.21.3
+ # via -r dev.in
+flake8==7.0.0
+ # via -r dev.in
+importlib-metadata==7.1.0
+ # via build
+isort==5.13.2
+ # via -r dev.in
+markdown-it-py==3.0.0
+ # via rich
mccabe==0.7.0
# via flake8
+mdurl==0.1.2
+ # via markdown-it-py
model-mommy==2.0.0
- # via -r requirements/dev.in
+ # via -r dev.in
mypy-extensions==1.0.0
# via black
-packaging==23.0
- # via black
-pathspec==0.11.1
+packaging==24.0
+ # via
+ # -c main.txt
+ # black
+ # build
+pathspec==0.12.1
# via black
-pipdeptree==2.7.0
- # via -r requirements/dev.in
-platformdirs==3.2.0
+pbr==6.0.0
+ # via stevedore
+pip-tools==7.4.1
+ # via -r dev.in
+pipdeptree==2.16.1
+ # via -r dev.in
+platformdirs==4.2.0
# via black
-pycodestyle==2.10.0
+pycodestyle==2.11.1
# via flake8
-pyflakes==3.0.1
+pyflakes==3.2.0
# via flake8
-pytz==2023.3
+pygments==2.17.2
+ # via rich
+pyproject-hooks==1.0.0
# via
- # -c requirements/main.txt
+ # build
+ # pip-tools
+pytz==2024.1
+ # via
+ # -c main.txt
# django
-redis==4.5.4
+pyyaml==6.0.1
+ # via bandit
+redis==5.0.3
# via
- # -c requirements/main.txt
+ # -c main.txt
# fakeredis
+rich==13.7.1
+ # via bandit
sortedcontainers==2.4.0
# via fakeredis
-sqlparse==0.4.3
+sqlparse==0.4.4
# via
- # -c requirements/main.txt
+ # -c main.txt
# django
# django-debug-toolbar
+stevedore==5.2.0
+ # via bandit
tomli==2.0.1
- # via black
+ # via
+ # black
+ # build
+ # pip-tools
+ # pyproject-hooks
+typing-extensions==4.10.0
+ # via
+ # -c main.txt
+ # asgiref
+ # black
+wheel==0.43.0
+ # via pip-tools
+zipp==3.18.1
+ # via importlib-metadata
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
+# setuptools
diff --git a/requirements/main.in b/requirements/main.in
index b27a7b8..827d9bc 100644
--- a/requirements/main.in
+++ b/requirements/main.in
@@ -13,7 +13,7 @@ django-libsass
django-modelcluster
django-storages
django-taggit
-gunicorn
+gunicorn>=22.0.0
pandas
pydantic
python-dateutil
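Review bot: The new floor `gunicorn>=22.0.0` has no comment saying why it exists, and the comment on `wagtail-blog==2.3.5` in the next hunk says the pin is important without saying what breaks. A later cleanup could relax either constraint without knowing the risk. If the gunicorn floor is there for a security fix, a one-line reason above it records that, e.g. `# floor for security fixes in 22.0.0, see <advisory-id>`. The pin could likewise read `# pinned: <reason>; drop together with wagtail-blog`.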
@@ -21,7 +21,8 @@ pytz
redis
requests
wagtail
-wagtail-blog
+# important to pin that version until that dependency is removed
+wagtail-blog==2.3.5
wagtailfontawesome
wagtailnews
whitenoise
\ No newline at end of file
diff --git a/requirements/main.txt b/requirements/main.txt
index 6a42d2b..56eeed1 100644
--- a/requirements/main.txt
+++ b/requirements/main.txt
@@ -1,36 +1,44 @@
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+# pip-compile main.in
+#
+annotated-types==0.6.0
+ # via pydantic
anyascii==0.3.2
# via wagtail
-asgiref==3.6.0
+asgiref==3.8.1
# via django
-async-timeout==4.0.2
+async-timeout==4.0.3
# via redis
-babel==2.12.1
+babel==2.14.0
# via delorean
beautifulsoup4==4.9.3
# via wagtail
-boto3==1.26.104
- # via -r requirements/main.in
-botocore==1.29.104
+boto3==1.34.69
+ # via -r main.in
+botocore==1.34.69
# via
# boto3
# s3transfer
-certifi==2022.12.7
+certifi==2024.2.2
# via requests
-charset-normalizer==3.1.0
+charset-normalizer==3.3.2
# via requests
colander==2.0
- # via -r requirements/main.in
+ # via -r main.in
defusedxml==0.7.1
- # via -r requirements/main.in
+ # via -r main.in
delorean==1.0.0
- # via -r requirements/main.in
-dj-database-url==1.3.0
- # via -r requirements/main.in
+ # via -r main.in
+dj-database-url==2.1.0
+ # via -r main.in
dj-static==0.0.6
- # via -r requirements/main.in
-django==3.2.18
+ # via -r main.in
+django==3.2.25
# via
- # -r requirements/main.in
+ # -r main.in
# dj-database-url
# django-appconf
# django-extensions
@@ -42,45 +50,45 @@ django==3.2.18
# wagtail
# wagtail-blog
# wagtailfontawesome
-django-appconf==1.0.5
+django-appconf==1.0.6
# via django-compressor
-django-compressor==4.3.1
+django-compressor==4.4
# via
- # -r requirements/main.in
+ # -r main.in
# django-libsass
-django-extensions==3.2.1
- # via -r requirements/main.in
+django-extensions==3.2.3
+ # via -r main.in
django-filter==21.1
# via wagtail
django-libsass==0.9
- # via -r requirements/main.in
+ # via -r main.in
django-modelcluster==5.3
# via
- # -r requirements/main.in
+ # -r main.in
# wagtail
-django-storages==1.13.2
- # via -r requirements/main.in
+django-storages==1.14.2
+ # via -r main.in
django-taggit==2.1.0
# via
- # -r requirements/main.in
+ # -r main.in
# wagtail
-django-treebeard==4.6.1
+django-treebeard==4.7.1
# via wagtail
-djangorestframework==3.14.0
+djangorestframework==3.15.1
# via wagtail
draftjs-exporter==2.1.7
# via wagtail
et-xmlfile==1.1.0
# via openpyxl
-gunicorn==20.1.0
- # via -r requirements/main.in
+gunicorn==22.0.0
+ # via -r main.in
html5lib==1.1
# via wagtail
-humanize==4.6.0
+humanize==4.9.0
# via delorean
-idna==3.4
+idna==3.6
# via requests
-iso8601==1.1.0
+iso8601==2.1.0
# via colander
jmespath==1.0.1
# via
@@ -88,105 +96,105 @@ jmespath==1.0.1
# botocore
l18n==2021.3
# via wagtail
-libsass==0.22.0
+libsass==0.23.0
# via django-libsass
-lxml==4.9.2
+lxml==5.1.0
# via wagtail-blog
-numpy==1.24.2
+numpy==1.26.4
# via pandas
openpyxl==3.1.2
# via tablib
-pandas==1.5.3
- # via -r requirements/main.in
+packaging==24.0
+ # via gunicorn
+pandas==2.2.1
+ # via -r main.in
pillow==9.5.0
# via wagtail
-pydantic==1.10.7
- # via -r requirements/main.in
-python-dateutil==2.8.2
+pydantic==2.6.4
+ # via -r main.in
+pydantic-core==2.16.3
+ # via pydantic
+python-dateutil==2.9.0.post0
# via
- # -r requirements/main.in
+ # -r main.in
# botocore
# delorean
# pandas
-pytz==2023.3
+pytz==2024.1
# via
- # -r requirements/main.in
+ # -r main.in
# delorean
# django
# django-modelcluster
- # djangorestframework
# l18n
# pandas
-pytz-deprecation-shim==0.1.0.post0
- # via tzlocal
rcssmin==1.1.1
# via django-compressor
-redis==4.5.4
- # via -r requirements/main.in
-requests==2.28.2
+redis==5.0.3
+ # via -r main.in
+requests==2.31.0
# via
- # -r requirements/main.in
+ # -r main.in
# wagtail
# wagtail-blog
rjsmin==1.2.1
# via django-compressor
-s3transfer==0.6.0
+s3transfer==0.10.1
# via boto3
six==1.16.0
# via
# html5lib
# l18n
# python-dateutil
-soupsieve==2.4
+soupsieve==2.5
# via beautifulsoup4
-sqlparse==0.4.3
+sqlparse==0.4.4
# via django
static3==0.7.0
# via dj-static
-tablib[xls,xlsx]==3.4.0
+tablib[xls,xlsx]==3.6.0
# via wagtail
-telepath==0.3
+telepath==0.3.1
# via wagtail
translationstring==1.4
# via colander
-typing-extensions==4.5.0
+typing-extensions==4.10.0
# via
+ # asgiref
# dj-database-url
# pydantic
-tzdata==2023.3
- # via pytz-deprecation-shim
-tzlocal==4.3
+ # pydantic-core
+tzdata==2024.1
+ # via pandas
+tzlocal==5.2
# via delorean
-urllib3==1.26.15
+urllib3==1.26.18
# via
# botocore
# requests
wagtail==2.16.3
# via
- # -r requirements/main.in
+ # -r main.in
# wagtail-blog
# wagtailfontawesome
# wagtailnews
wagtail-blog==2.3.5
- # via -r requirements/main.in
+ # via -r main.in
wagtailfontawesome==1.2.1
- # via -r requirements/main.in
+ # via -r main.in
wagtailnews==2.7.2
- # via -r requirements/main.in
+ # via -r main.in
webencodings==0.5.1
# via html5lib
-whitenoise==6.4.0
- # via -r requirements/main.in
+whitenoise==6.6.0
+ # via -r main.in
willow==1.4.1
# via
- # -r requirements/main.in
+ # -r main.in
# wagtail
xlrd==2.0.1
# via tablib
-xlsxwriter==3.0.9
+xlsxwriter==3.2.0
# via wagtail
xlwt==1.3.0
# via tablib
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools
diff --git a/requirements/production.txt b/requirements/production.txt
index 35ec844..2a63464 100644
--- a/requirements/production.txt
+++ b/requirements/production.txt
@@ -1,2 +1,8 @@
-psycopg2-binary==2.9.6
- # via -r requirements/production.in
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+# pip-compile production.in
+#
+psycopg2-binary==2.9.9
+ # via -r production.in