From 595363452924237c69c137305fe65753ab6bcfee Mon Sep 17 00:00:00 2001 From: Francesco Filicetti Date: Wed, 13 Mar 2024 09:21:39 +0100 Subject: [PATCH 1/4] fix: PositiveFloatField regex --- django_form_builder/dynamic_fields.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/django_form_builder/dynamic_fields.py b/django_form_builder/dynamic_fields.py index f422299..0a08143 100644 --- a/django_form_builder/dynamic_fields.py +++ b/django_form_builder/dynamic_fields.py @@ -348,7 +348,7 @@ def __init__(self, *args, **data_kwargs): def raise_error(self, name, cleaned_data, **kwargs): if not cleaned_data: return [] # Only numbers (expressions like 16e50 aren't permitted) - if not re.match('^[0-9]+\.?[0-9]?$', str(cleaned_data)): + if not re.match('^[0-9]+(.([0-9]+))?$', str(cleaned_data)): return [_("Solo numeri ammessi"),] @@ -735,11 +735,11 @@ class CustomPasswordField(CharField, BaseCustomField): field_type = _("Password") widget = forms.PasswordInput PASSWORD_SEC_REGEX = getattr( - settings, + settings, 'PASSWORD_SEC_REGEX', "^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$" - ) - + ) + def raise_error(self, name, cleaned_data, **kwargs): if not re.match(self.PASSWORD_SEC_REGEX, cleaned_data): return ["Password is not secure enough, please add more entropy"] From 050b9d0b4b8cc52be8be415c1907c6043c215a2a Mon Sep 17 00:00:00 2001 From: Francesco Filicetti Date: Wed, 13 Mar 2024 09:22:43 +0100 Subject: [PATCH 2/4] v1.0.1 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 9a7bf21..1b42dfb 100644 --- a/setup.py +++ b/setup.py @@ -14,7 +14,7 @@ setup( name='django-form-builder', - version='1.0.1', + version='1.1.0', packages=find_packages(), package_data={'': ['*.wav']}, data_files=[ From 22e2a2521d0537505dc07565cc01b6e31bd7cde3 Mon Sep 17 00:00:00 2001 
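Review bot: The new pattern in `PositiveFloatField.raise_error` leaves the `.` unescaped, so `(.([0-9]+))?` accepts any single character as the decimal separator. If `cleaned_data` can reach this check as a raw string, values such as `1x5` or `1/5` pass a test whose comment says only numbers are permitted. The `$` anchor also matches before a trailing newline. Escaping the dot and matching the whole string fixes both: `if not re.fullmatch(r'[0-9]+(\.[0-9]+)?', str(cleaned_data)):`. The raw string also avoids the invalid-escape warning that the old `'\.'` literal produced. The body of `raise_error` continues outside the hunk, so any later validation is not visible here.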
From: snyk-bot Date: Wed, 13 Mar 2024 08:24:33 +0000 Subject: [PATCH 3/4] fix: requirements-dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570772 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570773 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5811865 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5812109 --- requirements-dev.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 0ca3fa8..779cfc1 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -6,7 +6,7 @@ pytest-cov pylama codecov -sphinx>=2.0.0 +sphinx>=3.3.0 sphinx_rtd_theme sphinxcontrib-images @@ -17,3 +17,8 @@ black flake8 isort bandit +certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability +jinja2>=3.1.3 # not directly required, pinned by Snyk to avoid a vulnerability +pygments>=2.15.0 # not directly required, pinned by Snyk to avoid a vulnerability +requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability From 40aec49cb732c0b383177619b410a7248b9fbac4 Mon Sep 17 00:00:00 2001 From: Francesco Filicetti Date: Wed, 13 Mar 2024 10:03:08 +0100 Subject: [PATCH 4/4] fix: django version in requirements --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e135cc8..dcd580f 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@
-django<=3.2.23,<5.0
+django<=3.2.24,<5.0
 filesig>=0.3
 captcha>=0.3
 cryptography>=2.8
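Review bot: The specifier `django<=3.2.24,<5.0` only sets an upper bound: `<=3.2.24` already implies `<5.0`, so the second clause never takes effect. Installs are therefore capped at 3.2.24, which keeps consumers off any later 3.2.x or 4.x security release, and with no lower bound an arbitrarily old Django also satisfies the requirement. If the intent was a minimum supported version with a major-version ceiling, the line would read `django>=3.2.24,<5.0`. That intent is inferred from the `<5.0` clause and should be confirmed against the Django versions the package is tested on.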