dima

on software
Posts from blog by tag TIL:

This Week in Changelogs: flask, pytest, IPython, etc

pyenv 2.3.13, 2.3.14

Highlights from the changelog:

  • added versions 3.10.10, 3.11.2, and 3.12.0a5;
  • fixed versions 3.5.10 and 3.6.15 for macOS and modern 64-bit platforms.

This one made me laugh a bit:

  • a7b181c introduce an indentation issue
  • 3829742 fix the indendation issue.

That's how programming actually works!

TIL: head -n123 is a part of POSIX, head -123 is a shorthand that can be missing in some operating systems (pull request).

IPython 8.11.0

Highlights from the changelog:

  • %autoreload supports meaningful parameters (%autoreload all, %autoreload off, etc), not only numbers (%autoreload 0, %autoreload 2, etc).

I like the log of the pull request, it illustrates the approach of implementing a feature step-by-step, one frame at a time:

Also, this fragment is quite interesting, print and logger.info need to be used carefully for logging and protected from being overwritten during hot-reload:

p = print
logger = logging.getLogger("autoreload")
l = logger.info

def pl(msg):
    p(msg)
    l(msg)

Everything you wanted to know about GitHub actions:

flask 2.2.3

Although the changelog is not that big, I like the thing about flask run --debug.

Previously, it was flask --debug run , and it was awkward. The fix itself is quite small, but there's a lot of changes in docs, and also a PyCharm screenshot was changed. Nice and pure!

pytest 7.2.1, 7.2.2

The changelogs contains mostly bug fixes. One of them is about pytest.approx() causing ZeroDivisionError on dicts.

Another one fixes type checkers behaviour for the following code, which I think should be illegal:

with pytest.raises(RuntimeError) if val else contextlib.nullcontext() as excinfo:

(Please, don't write the code like this.)

And they fixed a race condition when creating directories in parallel, using os.makedirs(..., exists_ok=True). Simple, but helpful.

whitenoise 6.4.0

The changelog mentions support for Django 4.2. It was good to know, by the way, that STATICFILES_STORAGE is going to be changed to STORAGES dict (pull request).

django-cors-headers 3.14.0

Changelog:

  • added support for Django 4.2,
  • switched from urlparse to urlsplit.

The latter is the most interesting, urlsplit is slightly faster. Also, it's cached, so sometimes you gain a huge performance.

The difference between these functions is that urlparse includes parsing of the "parameters" section of a URL:

scheme://netloc/path;parameters?query#fragment
                     ^ this

Since it's not widely used, in most cases it's safe to switch from urlparse to urlsplit.

This Week in Changelogs: Django and faker

Django 4.1.6, 4.1.7

9d7bd5a An interesting bug of parsing the Accept-Language header. The format of the header value is complex, so there's a bunch of regular expressions and @functools.lru_cache(maxsize=1000) for caching the result. However, you can pass a huge header multiple times, causing DoS, so they added two if statements:

  • one that checks if the length is less than ACCEPT_LANGUAGE_HEADER_MAX_LENGTH
  • second - for checking the comma-separated strings. So they decided not to just raise an exception or truncate the string by [:ACCEPT_LANGUAGE_HEADER_MAX_LENGTH], but truncate the value in a safe way, so it can be parsed in a meaningful result. Good job!

26b7a25 There was a bug in generated SQL, caused by that .desc() in the model's Meta.constraints:

constraints = [
    UniqueConstraint(
        Lower("name").desc(), name="unique_lower_name"
    )
]

which resulted in <...> WHERE LOWER("myapp_foo"."name") DESC <...> when checking the uniqueness. Apparently, Django can check the constraints itself, not delegating it to the underlying database.

Although the fix is trivial, the case is not, and it wasn't covered in the initial implementation.

By the way, I like how they use typographic double quotes:

msg = "Constraint “name_lower_uniq_desc” is violated."

a637d0b f3b6a4f Those black updates are annoying, mainly because they make git blame misleading. However, there's a solution I didn't know about:

  • git blame --ignore-revs-file <file> - ignore commits listed in the file.
  • .git-blame-ignore-revs file - make GitHub ignore them as well.

590a92e The bug was caused by the commit which we've already seen. Now you can safely raise ValidationError without the code.

628b33a One more DoS fix, now it's about number of opened files when you put too many of them in one multipart payload. The fix introduces TooManyFilesSent exception, which results in HTTP 400 (DATA_UPLOAD_MAX_NUMBER_FILES = 100 by default).

I like this fragment:

try:
    return self._parse()
except Exception:
    if hasattr(self, "_files"):
        for _, files in self._files.lists():
            for fileobj in files:
                fileobj.close()
    raise

Beware of freeing your resources, garbage collector can't help you all the time!

faker 16.6.1..17.0.0

Their CHANGELOG is quite descriptive, so I'll just highlight something that I liked.

  • faker can generate valid image URLs using specific websites (TIL), and one of them, PlaceIMG, is shutting down, and they removed it from the list. The announcement is included in all the generated images:

In addition, it turned out that GitHub can put those linter errors from the actions right in the code. I don't know yet how to add this, but I definitely want it!