jazzband / website Goto Github PK

Dependabot can't resolve your Python dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Could not find a version that satisfies the requirement kombu==4.2.2 (from versions: 0.1.0, 0.2.0, 0.9.0, 0.9.1, 0.9.2, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 1.0.0b1, 1.0.0b2, 1.0.0b3, 1.0.0b4, 1.0.0rc1, 1.0.0rc2, 1.0.0rc3, 1.0.0rc4, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.5.16, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 3.0.27, 3.0.28, 3.0.29, 3.0.30, 3.0.31, 3.0.32, 3.0.33, 3.0.34, 3.0.35, 3.0.36, 3.0.37, 4.0.0rc3, 4.0.0rc4, 4.0.0rc5, 4.0.0rc6, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.2.0, 4.2.1, 4.2.2.post1)
Traceback (most recent call last):
  File "/usr/local/.pyenv/versions/3.6.8/bin/pip-compile", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/piptools/scripts/compile.py", line 191, in cli
    results = resolver.resolve(max_rounds=max_rounds)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/piptools/resolver.py", line 101, in resolve
    has_changed, best_matches = self._resolve_one_round()
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/piptools/resolver.py", line 198, in _resolve_one_round
    for dep in self._iter_dependencies(best_match):
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/piptools/resolver.py", line 284, in _iter_dependencies
    dependencies = self.repository.get_dependencies(ireq)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/piptools/repositories/local.py", line 65, in get_dependencies
    return self.repository.get_dependencies(ireq)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/piptools/repositories/pypi.py", line 217, in get_dependencies
    self._dependencies_cache[ireq] = self.resolve_reqs(download_dir, ireq, wheel_cache)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/piptools/repositories/pypi.py", line 183, in resolve_reqs
    results = resolver._resolve_one(reqset, ireq)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pip/_internal/resolve.py", line 256, in _resolve_one
    abstract_dist = self._get_abstract_dist_for(req_to_install)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pip/_internal/resolve.py", line 209, in _get_abstract_dist_for
    self.require_hashes
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pip/_internal/operations/prepare.py", line 218, in prepare_linked_requirement
    req.populate_link(finder, upgrade_allowed, require_hashes)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pip/_internal/req/req_install.py", line 164, in populate_link
    self.link = finder.find_requirement(self, upgrade)
  File "/usr/local/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pip/_internal/index.py", line 621, in find_requirement
    'No matching distribution found for %s' % req
pip._internal.exceptions.DistributionNotFound: No matching distribution found for kombu==4.2.2

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

jazzband/help#197 has been merged, which closed jazzband/help#188.

That said, we should update the website to tell users to select the correct template, rather than asking to apply labels.

Hello, community! I've encountered an unexpected behavior in my Django project. Each time an authorized API call is made using a bearer token (specifically a simple JWT), a database query is executed to retrieve user details, even though JWT Authentication is supposed to eliminate the need for database validation. Could someone help me understand the reason behind these database queries and suggest a solution to avoid them while still ensuring proper authentication through JWT? Your insights would be greatly appreciated!

Overview:
When cloning the repo and running it locally on a Mac, the site is not accessible at port 5000.

Steps to reproduce:

1. cloning the repo
2. rename .env-dist to .env
3. running make build and make run

Expected behavior:
The site is accessible at localhost:5000

Actual behavior:

1. localhost:5000 does not connect
2. The following is output to the command line:
   

in text form:

Jamess-MacBook-Pro-3:website jamestimmins$ make run
docker-compose up
Starting website_db_1    ... done
Starting website_app_1   ... done
Starting website_redis_1 ... done
Starting website_web_1    ... done
Starting website_worker_1 ... done
Attaching to website_app_1, website_redis_1, website_db_1, website_worker_1, website_web_1
redis_1   | 1:C 20 Nov 21:26:34.096 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis_1   | 1:C 20 Nov 21:26:34.096 # Redis version=4.0.2, bits=64, commit=00000000, modified=0, pid=1, just started
redis_1   | 1:C 20 Nov 21:26:34.096 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
redis_1   | 1:M 20 Nov 21:26:34.100 * Running mode=standalone, port=6379.
redis_1   | 1:M 20 Nov 21:26:34.100 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
redis_1   | 1:M 20 Nov 21:26:34.100 # Server initialized
app_1     | Waiting for db to respond...
app_1     | Waiting for redis to respond...
db_1      | LOG:  database system was shut down at 2018-11-20 21:24:31 UTC
redis_1   | 1:M 20 Nov 21:26:34.102 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
worker_1  | Waiting for redis to respond...
db_1      | LOG:  MultiXact member wraparound protections are now enabled
db_1      | LOG:  database system is ready to accept connections
db_1      | LOG:  autovacuum launcher started
redis_1   | 1:M 20 Nov 21:26:34.102 * DB loaded from disk: 0.000 seconds
redis_1   | 1:M 20 Nov 21:26:34.103 * Ready to accept connections
web_1     | Waiting for db to respond...
web_1     | Waiting for redis to respond...
worker_1  | Waiting for db to respond...
website_app_1 exited with code 1
website_worker_1 exited with code 1
website_web_1 exited with code 1
^CGracefully stopping... (press Ctrl+C again to force)
Stopping website_redis_1  ... done
Stopping website_db_1     ... done

Additional thoughts:
It's very possible that the issue has to do with my local environment as I'm new to Docker. So my apologies if this is a personal problem! Thanks very much for any assistance in looking into this!

google chrome

Dependabot couldn't authenticate with https://pypi.python.org/simple/.

You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.

View the update logs.

https://realfavicongenerator.net/favicon_checker?protocol=https&site=jazzband.co%2F#.YUMg67gzaMo

Would Jazzband as a whole benefit from having .github/CODEOWNERS files defined for projects and should they be in the default checklists?

Refer to the discussion at:

• https://github.com/orgs/jazzband/teams/pip-tools/discussions/2
• https://help.github.com/en/articles/about-code-owners

See #467 for the traceback.

https://github.com/lkiesow/python-feedgen may be a good alternative.

It's really nice that this has docker-compose set up, as it makes for a really nice development experience.

However, to test a change I just ran docker-compose up web, and I get an error because the MAIL_PASSWORD environment variable is not found. Obviously in this case I'm not interested in setting up emails, so it would be nice to not have to worry about it.

Perhaps we can somehow add a dev option to docker-compose so I can run the server without worrying about this?

What do you think?

http => https

https://github.com/jazzband/website/blob/main/jazzband/decorators.py#L11

In addition to https://jazzband.co/about/security, we could also expose the security contact information as per https://securitytxt.org/.

This known URL can provide researchers a common format of how to contact the team regarding a security issue. It theoretically can reduce the friction for a person to submit an issue properly.

Hi 👊

This is my first visit to this fine repo, but it seems you have been working hard to keep all dependencies updated so far.

Once you have closed this issue, I'll create separate pull requests for every update as soon as I find one.

That's it for now!

Happy merging! 🤖

When a repo is transferred, it might have issues disabled for some reason, which prevents the automatic TODO issue to be created. We should auto-enable issues before creating the TODO issue.

I am so sorry, there is tiny, teny, ery, bery problem.
The title is not good.
But everything is very good, except title.
Thanks.

Clicking login at https://jazzband.co/ goes to https://github.com/login/oauth/authorize?client_id=692473717aaa7a89a38c&scope=read%3Aorg%2Cuser%3Aemail which is a 500 error

When you build wheel files unfortunately they are not build deterministically (read: reproducible) at the moment. This is a larger issue in the wheel library since it creates a list of files included in the wheel file that also includes timestamps for each file when adding the file to the wheel file and not of its original file creation datetime.

There is however a workaround that I think we could use in the future, the SOURCE_DATE_EPOCH env variable (https://reproducible-builds.org/docs/source-date-epoch/).

Flit explains it a bit like that as well: https://flit.readthedocs.io/en/latest/reproducible.html

That would override the timestamp used in the list of files and should make it possible to create local copies of the files created on the Jazzband continuous integration system.

So here’s the idea to make this easier for Jazzband:

1. Create a timestamp on the CI system in the release workflow with the current epoch on the build system.

2. Find a way to submit that timestamp together with the rest of the metadata to the Jazzband package index (e.g. as part of the package meta data, or an asset file on the CI service or ..).

3. During verification, use the original timestamp from CI when recreating the wheel file locally.

So all we would need to do is to provide a way to store the SOURCE_DATE_EPOCH timestamp to solve (2) and document (3).

Hi All,

LOVE the idea of Jazzband, but a bit unsure of 'how it works'...

For instance, I've just joined, and actually created a PR of the site, mostly cleaning up/correcting grammar and language issues. I've posted the PR here.

Obviously, I COULD merge it, and force the change.

But, what is the 'desired process'? Is there a Code Review? Do I need to get approval of some number of other members? What should the desired process be?

Second, How do I know if anyone is working a particular issue? I would rather collaborate, or attack a different issue, than duplicate work.

I'm sure this is a new experiment, but I thought I'd kick off the discussion anyway.

-Scott

We have the auto-ticketing when a transfer has been started, but we too often had to answer now how to do the transfer in the first place. We should document that in the docs and render it on the website.

This should probably be as simple as using GitHub's native archive function and then showing that information when the data is synced to Jazzband.

the projects overview should have a filter to show those that don't have lead(s)

https://jazzband.co/projects

https://jazzband.co website is not accessible anymore, invalid certs.

ERR_CERT_COMMON_NAME_INVALID

I'm getting an error when uploading a silk package to the jazzband server: https://travis-ci.org/jazzband/silk/jobs/326440835

HTTPError: 413 Client Error: Request Entity Too Large for url: https://jazzband.co/projects/silk/upload

My local build is saying that the wheel and gzip packages are a bit less than 2MB whereas the pypi limit seems to be 60MB (pypa/packaging-problems#86). Can we increase the jazzband server's request size limit to 60MB to match pypi?

Dependabot can't resolve your Python dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Updating dependencies
Resolving dependencies...
                                   
[PackageNotFound]   
Package pyatom (1.4) not found.  
                                   
update [--no-dev] [--dry-run] [--lock] [--] [<packages>]...

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

I have the same issue as the person here: jazzband/help#18

I have tried that locally and have figured out, that it is broken in this line: https://github.com/jazzband/website/blob/master/jazzband/models.py#L116

What happens: github returns a list of emails, if the user has set it this way (I have two, for example). That line raises orm_exc.MultipleResultsFound("Multiple rows were found for one_or_none()"). What works for me:

    def check_verified_emails(self):
        return (self.email_addresses.filter_by(verified=True).first()
                is not None)

So, there's also an option to remove second email from github before first login.

I can send PR, if that solution is fine.

Hi All,

Thanks for all of your work maintaining various Django packages.

FYI I was reading your guidelines page, I found a broken link.

https://jazzband.co/about/guidelines says:
"See this website’s contributing guideline for how it’d look like. Feel free to add a similar paragraph to your README file."

"contributing guideline" links here, but that link is broken.
https://github.com/jazzband/website/blob/master/CONTRIBUTING.md

I just wanted to let you know in case you wanted to update the link or change the text.

Thanks,
Collin

Requirements badge on the main page of the repo is missing (from README.md).
Here what it looks like:

Basically there has been confusion about the fact that there may be multiple uploads per version, e.g. a tar.gz and a whl file. We should improve the upload listing to make sure all uploads are discovered.

https://jazzband.co/members

Something I noticed in joining up to Jazzband - I had some issues with the join form. Originally I thought it a Safari thing (my browser of choice, though I realise it has its shortfalls) but the same thing happens with Google Chrome. Not sure where I need to file a bug report on this so stating it here for now.

Using the id "cookies" is what seems to break the page. Some of the graphics and styles no longer render, and there is no checkbox on the cookies "I consent" item, so the form is impossible to complete as is. To work around this, I used chrome dev tools and edited the id value but left the name attribute as "cookies" at which point the checkbox appeared, and I could successfully submit the form. This is a mysterious bug, especially since "cookie" is used in headers & DOM, not the plural.

Here's a screenshot of what the form looks like with the "<input id="cookies" .." element present:

To further the cause of Jazzband there should be another role next to members and roadies: management

The management team basically consists of people steering the Jazzband project and act as guardians of the Jazzband's policies and work towards evolving the Jazzband project.