django-smart-selects

Publish latest package version to PyPI

Open pietrodantuono opened this issue 10 months ago • 3 comments

You MUST use this template when reporting issues. Please make sure you follow the checklist and fill in all of the information sections below.


All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.

Checklist

Put an x in the bracket when you have completed each task, like this: [x]

  • [X] This issue is not about installing previous versions of django-smart-selects older than 1.2.8. I understand that previous versions are insecure and will not receive any support whatsoever.
  • [X] I have verified that that issue exists against the master branch of django-smart-selects.
  • [X] I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
  • [X] I have debugged the issue to the smart_selects app.
  • [X] I have reduced the issue to the simplest possible case.
  • [X] I have included all relevant sections of models.py, forms.py, and views.py with problems.
  • [X] I have used GitHub Flavored Markdown to style all of my posted code.

Steps to reproduce

  1. Create a Django 5 project using django-smart-selects installed from PyPI.
  2. Try to run the project.

Actual behavior

The latest version of the django-smart-selects package available on PyPI is 1.6.0. This version is not compatible with Django 5.0, while the latest available on GitHub (1.7.1) is.

In the repository Actions I saw that the following step fails: https://github.com/jazzband/django-smart-selects/actions/runs/8273216022/job/22636552189#step:7:16

This step could be solved by using the help provided by the following StackOverflow answer: https://stackoverflow.com/questions/70435286/resource-not-accessible-by-integration-on-github-post-repos-owner-repo-ac

Expected behavior

Installing the package from PyPI should install the latest version.

pietrodantuono Apr 22 '24 09:04

@medbenmakhlouf

ldeluigi Jul 01 '24 07:07

Anyone able to push this?

farfanoide Aug 07 '24 15:08

Dear people, I am having serious problems getting my project to run on the latest version of Django using poetry. In my pyproject.toml I have:

django-smart-selects = {git = "https://github.com/jazzband/django-smart-selects.git", branch = "master"}

and when building the docker image I get:

LookupError: setuptools-scm was unable to detect version for /usr/local/src/django-smart-selects.

#0 21.63 Make sure you're either building from a fully intact git repository or PyPI tarballs. Most other sources (such as GitHub's tarballs, a git checkout without the .git folder) don't contain the necessary metadata and will not work.

Please publish to GitHub 🙏

Any help is appreciated, by the way, if the repository is not published...

P.S. Installing another package in the same manner does work. In the toml file: python-docx = { git = "https://github.com/takis/python-docx.git", branch = "master" }

mzaanen Aug 14 '24 12:08