Skip to content

Add explicit GHSA for vuln disclosure #903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JonathanHuot merged 25 commits into from
Jun 18, 2025
Merged

Add explicit GHSA for vuln disclosure #903

JonathanHuot merged 25 commits into from
Jun 18, 2025
+235 −1,343

Conversation

@JonathanHuot
Copy link
Member

@JonathanHuot JonathanHuot commented Jun 11, 2025

During the last CVE disclosure, it was not obvious which tools shall we use to discuss about the vulnerability.
Replacing email with GitHub private channel with oauthlib administrators has been found very convenient and should be listed explicitly when raising issues.

auvipy
auvipy reviewed Jun 11, 2025
View reviewed changes
Copy link
Contributor

@auvipy auvipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah it is much better!

JonathanHuot and others added 24 commits June 18, 2025 08:50
@JonathanHuot
Add Incident Response Plan
4412df7
@JonathanHuot
Fix latest ruff findings
28aab3a 
Replaced deprecated ruff config
@JonathanHuot
Removed year from license
034c8ea 
Removing date from copyrights to ease maintenance is the practice nowadays, see https://aboutcode.org/2023/update-copyright-each-new-year/
@JonathanHuot
Removed unused bandit, since it has been replaced with ruff
c3550a0
@JonathanHuot
Removed inactive users while keeping them in AUTHORS file.
7760637
@JonathanHuot
Refresh wording of license to not confuse tools between BSD-3 & BSD
e9a5757 
Based on latest https://opensource.org/license/BSD-3-Clause, suggested removal of ambiguity from https://peps.python.org/pep-0639/appendix-mapping-classifiers/ and https://peps.python.org/pep-0639/#deprecate-license-classifiers

Fixed #896
@JonathanHuot
Add 3.3.0 changelog and bump version
e57283b
@JonathanHuot
Fix multiple if statements
c7a3c8c
@JonathanHuot
Handle expires_at with best effort basis
aac6c64
@JonathanHuot
Removed version ping to work with all py versions
e1672e4
@JonathanHuot
Simplified str convertion of expires_at
a856691 
Co-authored-by: Copilot <[email protected]>
@JonathanHuot
Does not round if float is provided
35480ca
@JonathanHuot
Factorized parsing of expires_at
6a30bcf 
Added similar behaviors to all interfaces where expires_at is parsed, this will facilitate the implementations. Note this is breaking change for those which are expecting the "default" `expires_at` (as in, not provided) to be a float. This will now default to a int.
@JonathanHuot
Added expires_at changelog
51259c2
@JonathanHuot
Removed unnecessary comments
ebbe682
@JonathanHuot
Simplify isinstance calls to one/Ruff/SIM101
7293d0c
@JonathanHuot
Updated release date
78e2c43
@JonathanHuot
Bumped release
e4d4a0d
@JonathanHuot
Updated GH actions
be15236
@JonathanHuot
Added maintainer instructions
e5b3617
@JonathanHuot
Fixed ruff findings about function import
76585fe
@JonathanHuot
Fix linter after rebase
854670b
@JonathanHuot
Updated recommended filter for publish
68b2dfc
@JonathanHuot
Execute publish workflow of the tagged source. Not of master branch.
967bc50
@auvipy auvipy self-requested a review June 18, 2025 08:29
@JonathanHuot JonathanHuot merged commit 9ed616d into master Jun 18, 2025
23 checks passed
@JonathanHuot JonathanHuot deleted the security-ghsa branch June 18, 2025 20:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@auvipy auvipy auvipy approved these changes

Assignees

No one assigned

Labels

Documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JonathanHuot @auvipy