linkchecker:259:1: E266 too many leading '#' for block comment
linkchecker:297:1: E266 too many leading '#' for block comment
linkchecker:385:1: E266 too many leading '#' for block comment
linkchecker:498:1: E266 too many leading '#' for block comment
setup.py:40:1: F401 'distutils.command.sdist.sdist' imported but unused
setup.py:47:1: F401 'distutils.command.build.build' imported but unused
setup.py:61:5: E722 do not use bare 'except'
setup.py:381:80: E231 missing whitespace after ','
I don't like the extra MANIFEST file lying around. It clashes with the
old distutils feature of having a MANIFEST file. I intend to replace
this check with check-manifest.
It is confusing to have different versions of the code self-identify
with the same version number. In my experience it's always best to
increment the version number and add a .dev0 suffix right after making a
release. When it's time to make a new release, you remove the .dev0,
commit, tag that commit, then make second commit that bumps the version
and adds .dev0 back.
This way only releases identify themselves as "version X.Y.Z" with no
.dev0 suffix and it's immediatelly apparent when you've got a prerelease
installed from git.
Except for tests that include non-unicode characters:
tests/test_po.py
tests/test_strformat.py
tests/test_url.py
tests/checker/test_error.py
tests/checker/test_news.py
The python_requires is the important one; it means once we publish a
new release on PyPI, pip install will know not to try to install it if
you run it on Python 2 and will fall back to an older version.
bs4 is a dummy package managed by the developer of Beautiful Soup to prevent
name squatting. The official name of PyPI’s Beautiful Soup Python package is
beautifulsoup4. The bs4 package ensures that if you type pip install bs4 by
mistake you will end up with Beautiful Soup.
However, for requirements, it's cleaner to use the proper name.
For downstream packaging in Fedora, this avoids the need of packaging
the dummy package.
UrlBase has been modified as follows:
- the "data" variable now holds bytes
- decoded content is stored in a new variable "text"
- functionality from get_content() has been split out into
get_raw_content() which returns "data" and download_content() which
calls read_content() and sets the download related variables.
This allows for subclasses to do their own decoding and parsers to
use bytes.
PR #196 bumped this to 2.20 to fix a security warning about requests
in our repository, but I believe that warning can be fixed by removing
only the upper bound. This should make backporting linkchecker to
older systems easier, where requests presumably has the 2.20 fix
backported.
Requests versions <= 2.19.1 are vulnerable to CVE-2018-18074:
> The Requests package through 2.19.1 before 2018-09-14 for Python sends
> an HTTP Authorization header to an http URI upon receiving a
> same-hostname https-to-http redirect, which makes it easier for remote
> attackers to discover credentials by sniffing the network.
Thank you, GitHub security alerts, for bringing this to my attention.
