Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publish latest package version to PyPi #356

Open
7 tasks done
pietrodantuono opened this issue Apr 22, 2024 · 3 comments
Open
7 tasks done

Publish latest package version to PyPi #356

pietrodantuono opened this issue Apr 22, 2024 · 3 comments

Comments

@pietrodantuono
Copy link

You MUST use this template when reporting issues. Please make sure you follow the checklist and fill in all of the information sections below.

All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.

Checklist

Put an x in the bracket when you have completed each task, like this: [x]

  • This issue is not about installing previous versions of django-smart-selects older than 1.2.8. I understand that previous versions are insecure and will not receive any support whatsoever.
  • I have verified that that issue exists against the master branch of django-smart-selects.
  • I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
  • I have debugged the issue to the smart_selects app.
  • I have reduced the issue to the simplest possible case.
  • I have included all relevant sections of models.py, forms.py, and views.py with problems.
  • I have used GitHub Flavored Markdown to style all of my posted code.

Steps to reproduce

  1. Create a Django 5 project using django-smart-selects installed from PyPi.
  2. Try to run the project.

Actual behavior

The latest version of django-smart-selects package which is available on PyPi is 1.6.0. This version is not compatible with Django 5.0, while the latest available on GitHub (1.7.1) is.

In the repository Actions I saw that the following step fails:
https://github.com/jazzband/django-smart-selects/actions/runs/8273216022/job/22636552189#step:7:16

This step could be solved by using the help provided by the following StackOverflow answer:
https://stackoverflow.com/questions/70435286/resource-not-accessible-by-integration-on-github-post-repos-owner-repo-ac

Expected behavior

Installing the package from PyPi should install the latest version.
@ldeluigi
Copy link

ldeluigi commented Jul 1, 2024

@medbenmakhlouf

@farfanoide
Copy link

anyone able to push this?

@mzaanen
Copy link

mzaanen commented Aug 14, 2024
edited
Loading

Dear people,
I am having serious problems getting my project to run on the latest version of Django using poetry. In my pyproject.toml I have:

django-smart-selects = {git = "https://github.com/jazzband/django-smart-selects.git", branch = "master"}

and when building the docker image I get:

LookupError: setuptools-scm was unable to detect version for /usr/local/src/django-smart-selects.

#0 21.63 Make sure you're either building from a fully intact git repository or PyPI tarballs. Most other sources (such as GitHub's tarballs, a git checkout without the .git folder) don't contain the necessary metadata and will not work.

Please publish to github 🙏

Any help is appreciated, by the way, if it the repository is not published...

p.s. installing another package in the same manner does work, In toml file:
python-docx = { git = "https://github.com/takis/python-docx.git", branch = "master" }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@farfanoide @mzaanen @pietrodantuono @ldeluigi