dependabot[bot] 6a0249955a
Bump bandit from 1.7.2 to 1.7.7 in /spiffworkflow-backend (#945)
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.2 to 1.7.7.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.2...1.7.7)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-02 10:43:52 -08:00

239 lines
7.4 KiB
TOML

[tool.poetry]
name = "spiffworkflow-backend"
version = "0.0.0"
description = "Spiffworkflow Backend"
authors = ["Sartography <sartography@users.noreply.github.com>"]
license = "LGPL-2.1"
readme = "README.rst"
homepage = "https://spiffworkflow.org"
repository = "https://github.com/sartography/spiff-arena"
documentation = "https://spiff-arena.readthedocs.io"
classifiers = [
"Development Status :: 4 - Beta",
]
[tool.poetry.urls]
Changelog = "https://github.com/orgs/sartography/packages?repo_name=spiff-arena"
[tool.poetry.dependencies]
python = ">=3.10,<3.13"
flask = "2.2.5"
flask-admin = "*"
flask-bcrypt = "*"
flask-cors = "*"
flask-jwt-extended = "^4.4.4"
flask-mail = "*"
flask-marshmallow = "*"
flask-migrate = "*"
flask-restful = "*"
SpiffWorkflow = {git = "https://github.com/sartography/SpiffWorkflow", rev = "main"}
# SpiffWorkflow = {develop = true, path = "../../spiffworkflow/" }
# SpiffWorkflow = {develop = true, path = "../../SpiffWorkflow/" }
sentry-sdk = "^1.10"
# sphinx-autoapi = "^2.0"
psycopg2 = "^2.9.3"
typing-extensions = "^4.4.0"
spiffworkflow-connector-command = {git = "https://github.com/sartography/spiffworkflow-connector-command.git", rev = "main"}
# pinned to higher than 65.5.0 because of a vulnerability
# and to lower than 67 because i didn't feel like addressing
# new deprecation warnings. we don't need this library explicitly,
# but at one time it was pulled in by various libs we depend on.
setuptools = "^65.5.1"
# we cannot upgrade werkzeug due to connexion. See comment in .snyk file
werkzeug = "^2.3"
connexion = {extras = [ "swagger-ui",], version = "^2"}
lxml = "^4.9.1"
marshmallow-enum = "^1.5.1"
PyJWT = "^2.6.0"
gunicorn = "^21.0.0"
APScheduler = "*"
Jinja2 = "^3.1.3"
RestrictedPython = "^7.0"
Flask-SQLAlchemy = "^3"
# https://github.com/dropbox/sqlalchemy-stubs/pull/251
# someday get off github
# sqlalchemy-stubs = "^0.4"
# sqlalchemy-stubs = { git = "https://github.com/dropbox/sqlalchemy-stubs.git", rev = "master" }
# sqlalchemy-stubs = {develop = true, path = "/Users/kevin/projects/github/sqlalchemy-stubs"}
# for now use my fork
sqlalchemy-stubs = { git = "https://github.com/burnettk/sqlalchemy-stubs.git", rev = "scoped-session-delete" }
simplejson = "^3.17.6"
pytz = "^2023.3"
dateparser = "^1.2.0"
cryptography = "^42.0"
prometheus-flask-exporter = "^0.22.3"
sqlalchemy = "^2.0.7"
marshmallow-sqlalchemy = "^0.29.0"
spiff-element-units = "^0.3.1"
# mysqlclient lib is deemed better than the mysql-connector-python lib by sqlalchemy
# https://docs.sqlalchemy.org/en/20/dialects/mysql.html#module-sqlalchemy.dialects.mysql.mysqlconnector
mysqlclient = "^2.2.0"
flask-session = "^0.5.0"
flask-oauthlib = "^0.9.6"
celery = {extras = ["redis"], version = "^5.3.5"}
celery-stubs = "^0.1.3"
jsonschema = "^4.20.0"
chardet = "^5.2.0"
[tool.poetry.scripts]
spiffworkflow-backend = "spiffworkflow_backend.__main__:main"
[tool.poetry.group.dev.dependencies]
pytest = "^7.1.2"
coverage = {extras = ["toml"], version = "^6.1"}
safety = "^2.3.5"
mypy = ">=0.961"
typeguard = "^4"
xdoctest = {extras = ["colors"], version = "^1.1.3"}
pre-commit = "^2.20.0"
black = ">=21.10b0"
ruff = "^0.1.7"
pytest-random-order = "^1.1.0"
pytest-flask = "^1.2.0"
pytest-flask-sqlalchemy = "^1.1.0"
pytest-xdist = "^3.3.1"
# 1.7.3 broke us. https://github.com/PyCQA/bandit/issues/841
bandit = "1.7.7"
# flask-sqlalchemy-stubs = "^0.2"
pre-commit-hooks = "^4.0.1"
Pygments = "^2.10.0"
# type hinting stuff
types-dateparser = "^1.1.4.1"
types-Werkzeug = "^1.0.9"
types-PyYAML = "^6.0.12"
types-Flask = "^1.1.6"
types-requests = "^2.28.6"
types-pytz = "^2022.1.1"
[tool.pytest.ini_options]
# ignore deprecation warnings from various packages that we don't control
filterwarnings = [
# note the use of single quote below to denote "raw" strings in TOML
# kombu/utils/compat.py:82
'ignore:SelectableGroups dict interface is deprecated. Use select.',
# flask_marshmallow/__init__.py:34
# marshmallow_sqlalchemy/convert.py:17
'ignore:distutils Version classes are deprecated. Use packaging.version instead.',
# connexion/json_schema.py:17
'ignore:jsonschema.exceptions.RefResolutionError is deprecated as of version 4.18.0',
'ignore:jsonschema.RefResolver is deprecated as of v4.18.0',
# connexion/spec.py:50
'ignore:Passing a schema to Validator.iter_errors is deprecated and will be removed in a future release',
# connexion/decorators/validation.py:16
'ignore:Accessing jsonschema.draft4_format_checker is deprecated and will be removed in a future release.',
# connexion/apis/flask_api.py:236
"ignore:'_request_ctx_stack' is deprecated and will be removed in Flask 2.3",
"ignore:Setting 'json_encoder' on the app or a blueprint is deprecated and will be removed in Flask 2.3",
"ignore:'JSONEncoder' is deprecated and will be removed in Flask 2.3",
"ignore:'app.json_encoder' is deprecated and will be removed in Flask 2.3",
# SpiffWorkflow/bpmn/PythonScriptEngineEnvironment.py
'ignore:The usage of Box has been deprecated',
# dateutil/tz/tz.py:37
'ignore:datetime\.datetime\.utcfromtimestamp\(\) is deprecated:DeprecationWarning',
]
[tool.coverage.paths]
source = ["src", "*/site-packages"]
tests = ["tests", "*/tests"]
[tool.coverage.run]
branch = true
source = ["spiffworkflow_backend", "tests"]
[tool.coverage.report]
show_missing = true
fail_under = 50
[tool.mypy]
strict = true
disallow_any_generics = false
warn_unreachable = true
pretty = true
show_column_numbers = true
show_error_codes = true
show_error_context = true
plugins = "sqlmypy"
# We get 'error: Module has no attribute "set_context"' for sentry-sdk without this option
implicit_reexport = true
# allow for subdirs to NOT require __init__.py
namespace_packages = true
explicit_package_bases = false
# [tool.pyright]
# Pyright: Import "flask" could not be resolved
# ultimately resolved by creating a pyrightconfig.json file with venv and venvPath
# Pyright: "hey" is not accessed
# See: https://github.com/microsoft/pyright/discussions/3929#discussioncomment-5434231
# "Those are not warnings" and cannot be turned off like this:
# reportUnusedVariable = false
# solution was https://www.reddit.com/r/neovim/comments/11k5but/comment/jbjwwtf in vim settings
[tool.ruff]
select = [
# "ANN", # flake8-annotations
"ASYNC", # flake8-async
"B", # flake8-bugbear
# "BLE", # flake8-blind-except
"C", # mccabe
# "D", # pydocstyle
"E", # pycodestyle error
# "ERA", # eradicate
"F", # pyflakes
# "FBT", # flake8-boolean-trap
"N", # pep8-naming
"PL", # pylint
"S", # flake8-bandit
"T", # flake8-print
"UP", # pyupgrade
"W", # pycodestyle warning
"I", # isort
"YTT", # flake8-2020
]
ignore = [
"C901", # "complexity" category
"PLR", # "refactoring" category has "too many lines in method" type stuff
"PLC1901",
"PLE1205" # saw this Too many arguments for `logging` format string give a false positive once
]
line-length = 130
# target python 3.10
target-version = "py310"
exclude = [
"migrations"
]
[tool.ruff.per-file-ignores]
"migrations/versions/*.py" = ["E501"]
"tests/**/*.py" = ["PLR2004", "S101"] # PLR2004 is about magic vars, S101 allows assert
"bin/*.py" = ["T"] # it's ok to print things in scripts
[tool.ruff.isort]
force-single-line = true
# pip install fixit && fixit fix -a src
[tool.fixit]
disable = [
"fixit.rules:CompareSingletonPrimitivesByIs",
]
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"