f40bd649ce Bump cryptography from 41.0.4 to 41.0.6 (dependabot[bot])
Pull request description:
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 41.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p>
<blockquote>
<p>41.0.6 - 2023-11-27</p>
<pre><code>
* Fixed a null-pointer-dereference and segfault that could occur when loading
certificates from a PKCS#7 bundle. Credit to **pkuzco** for reporting the
issue. **CVE-2023-49083**
<p>.. _v41-0-5:</p>
<p>41.0.5 - 2023-10-24
</code></pre></p>
<ul>
<li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4.</li>
<li>Added a function to support an upcoming <code>pyOpenSSL</code> release.</li>
</ul>
<p>.. _v41-0-4:</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f09c261ca1"><code>f09c261</code></a> 41.0.6 release (<a href="https://redirect.github.com/pyca/cryptography/issues/9927">#9927</a>)</li>
<li><a href="5012bedaef"><code>5012bed</code></a> bump for 41.0.5 release (<a href="https://redirect.github.com/pyca/cryptography/issues/9766">#9766</a>)</li>
<li><a href="563b119399"><code>563b119</code></a> Added binding needed for pyOpenSSL (<a href="https://redirect.github.com/pyca/cryptography/issues/9739">#9739</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/9740">#9740</a>)</li>
<li>See full diff in <a href="https://github.com/pyca/cryptography/compare/41.0.4...41.0.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JoinMarket-Org/joinmarket-clientserver/network/alerts).
</details>
ACKs for top commit:
AdamISZ:
> ACK [f40bd64](f40bd649ce). This isn't affecting us in any way (we use it only for AES), but I don't see downsides in upgrading.
kristapsk:
ACK f40bd649ce. This isn't affecting us in any way (we use it only for AES), but I don't see downsides in upgrading.
Tree-SHA512: ab291fbca629f6657aa0cdf0594ec8d235a75e5246110dcdc3d1fb5c299ab182e08173b343fe8c5c45324621104ccba08a12d300c4cfee8f8e1fd75252ad98d2
bfc618a99e Fix OrderbookWatch.on_order_seen() exception debug messages (Kristaps Kaupe)
Pull request description:
You cannot concatenate `str` with `int`. Found while working on #1602.
ACKs for top commit:
AdamISZ:
utACK bfc618a99e
Tree-SHA512: 34e2181bd91c856348fee88233f76d25a51d1626d1ad3523e861caa3ba84c248371de874841038381839efa4816d58d2d0933628f79bcf7d64295483c7959dfc
c990a4da6b Allow fee bump tx not signalling BIP125 if mempoolfullrbf is enabled (Kristaps Kaupe)
Pull request description:
We should allow this if full-RBF is enabled in Bitcoin node.
ACKs for top commit:
AdamISZ:
utACK c990a4da6b
Tree-SHA512: a2bb2374e790891d437ee71647c15ad91eb855ae5bd99afa8e116b91d15bdd4a9f3694469a867f24a37612c38e4215bfb1d45beda8fc921b3dc4363d5d015fd0
d8f1fc42d4 Add optional txfee property for direct-send wallet RPC (Kristaps Kaupe)
Pull request description:
Resolves#1360. Jam wants it for https://github.com/joinmarket-webui/jam/pull/678.
ACKs for top commit:
AdamISZ:
tACK d8f1fc42d4
Tree-SHA512: aa5afc17c0a39d65094c69d847841295c101ed74518be25610378aa7eda95ee3e609f7ae49be75c3e9d148dd8f7787ac1ccc17aa8ee624d1cef3508fa70af114
4486b10798 Transaction virtual size must be rounded upwards (Kristaps Kaupe)
Pull request description:
Transaction virtual size must be rounded upwards.
Top commit has no ACKs.
Tree-SHA512: 9541ec8754d48aacdc10dc0cfb4323b60c4514f8f61a2d827ee7354d58cf46db530b4b68850f450a58e2053a9f69504fd80ca9f4d3614b7df24bc8d38f09a7fe
1cb20d5ae6 Do not reinstall on test (roshii)
Pull request description:
Removing `pip install .[test]` step from test script. It does not make sense to reinstall everything when test are ran especially with editable install.
ACKs for top commit:
kristapsk:
re-ACK 1cb20d5ae6
Tree-SHA512: 7a35f1f7f2160b84e97819f0f91655c551e8343921f734a0092d3fdaad76d46afcf2f053ad55964120240314dced4557d55c44d299e4622a50b55851b4b5df73
4f4945e5c5 Test min and latest Python version only (roshii)
Pull request description:
Taking the same approach as `bitcoind` version testing, setting only minimum required and latest Python version in CI. Testing so many versions does not bring much added value IMHO.
ACKs for top commit:
kristapsk:
ACK 4f4945e5c5
Tree-SHA512: 7678783323828dad9e0899c557077344ba968cc716b6aeccc1f50a4a5eaa23d6b2bf89eb0a607c2e1c31a395e03b26b65187d8ae5386674fc512ae9790cc9560
638200d346 feat(rpc): add block height to session response (theborakompanioni)
Pull request description:
Adds the current block height to the `/session` response.
This can be useful for api clients to display a more sophisticated message on how long to wait for a given UTXO when it has less than 5 confirmations (for [sourcing commitments](https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/docs/SOURCING-COMMITMENTS.md#wait-for-at-least-5-confirmations)). `/session` is usually polled, so when the block height changes, additional information can be reloaded (instead of polling the `/wallet/{walletname}/utxos` endpoint).
The value is only included for authenticated requests when a wallet is loaded.
Additionally, block height changes could be pushed via websocket. However, this is not included in this PR.
ACKs for top commit:
kristapsk:
utACK 638200d346
Tree-SHA512: f5275a469a69678709cd88683463da155f9319dbc8cd64d159a942bcdb644f6e6f41b3f47a5bcd48eba66f17d27cd9fbf3126378aa3135ed5f9bc6fdeb5e7215
3e71df586b Fix ShellCheck warnings (Kristaps Kaupe)
027682ab2c CI: Add ShellCheck (Kristaps Kaupe)
Pull request description:
Could use `./test/lint/lint-shell.sh` instead, but this way was simpler.
https://github.com/marketplace/actions/shellcheck
ACKs for top commit:
roshii:
utACK 3e71df586b
Tree-SHA512: 4f98464b397088293ea0c7736e835d94b7079c53f0958c36aeca62d68a586fd69fa05988591dbbba51f64824ef58e5341cc7930217fba0f2b2b4aa53e3735080
438cb41c23 Replace readfp() (roshii)
Pull request description:
Replace `ConfigParser.readfp()` with `ConfigParser.read_file()` as per Python [docs](https://docs.python.org/3/library/configparser.html?highlight=configparser#configparser.ConfigParser.read_file)
The latter is available as from Python v3.2 while the former breaks as from v3.12
ACKs for top commit:
kristapsk:
ACK 438cb41c23
Tree-SHA512: 9f0c7b35a8410a49f4c7486d25535e8f4e47cc40f794c1e83d8b8ee070aa55fcf5a8e6424fd6ebf09c9978bd4e6259c9f26e7d17e2cac55745725bf44cd97917
1a8d0ea683 Correct help description for --develop (Kristaps Kaupe)
Pull request description:
#1484 changed the meaning of `--develop`.
Top commit has no ACKs.
Tree-SHA512: 162d6255ca6750a691a1b9fcb6897b6397fb0345c092bdceb88e2142f5429919fb73f2c7dd5f4d7a54576eb9f9d2409d00f0d33a9f4d458b60fdbd08e72336a1
70366ffede Bump cryptography to 41.0.4 for all platforms (Kristaps Kaupe)
Pull request description:
Remove conditions for old `cryptography` for 32-bit platforms. Back in a day it was pinned to v3.3.2, because newer versions introduced Rust as a dependency and 32-bit platforms don't have pre-built wheels. I think we should get rid of this hack - 1) not much people are running 32-bit OSes anymore (years ago default Raspberry Pi OS was 32-bit even for 64-bit boards, that's not true anymore), 2) none of developers actually tests stuff on these platforms and against such old `cryptography` versions, 3) it should be still possible to use JM with 32-bit archs, just local installation of Rust will be needed to build.
Also bump to v41.0.4, as v41.0.2 and v41.0.3 is statically linked with vulnerable versions of OpenSSL (although these vulnerabilities should not affect JM).
ACKs for top commit:
roshii:
utACK 70366ffede
Tree-SHA512: 57a75a21f38d0e793bafc89bacf5487131a4848e2a1fbd72c281e84ca5c64bc673a91d1484bb5fd4ec3c69d07a333a12bceb5cabe0e5eb76b62f9631a83b6732
83d7ebb40b Log in case JM loads RPC wallet at startup (Kristaps Kaupe)
Pull request description:
There are some cases when this operation can be slow, better log. Otherwise user might think JM just hanged up.
In my case I was doing some testing on ARM machine where I don't run JM everyday, so that wallet haven't been used for a long time and Core needed to do rescan for almost 8000 blocks.
ACKs for top commit:
roshii:
utACK 83d7ebb40b
Tree-SHA512: b605e5e9310113caf21f540a62c2604a80dcbc054515f85d747a782a7220153631e3e4593d1c05821f9a8dcb50602355129c2903d85dd15007c12dc8f6dbb4e2
71815129e3 Upgrade setuptools also with --docker-install (Kristaps Kaupe)
Pull request description:
This was missed in #1484.
ACKs for top commit:
roshii:
tACK 71815129e3
Tree-SHA512: 4e7d3fb139558d24992bf78b22b8a191fdbf99de14abc34adfd370b7bd2d3ff8b1ceaf1c6c2ccf1b000107e83c87420e73b4fc1cb1453883502f1e83f137737f
1ebb68f119 Update txtorcon to 23.0.0 (Kristaps Kaupe)
Pull request description:
Replaces #1558.
Changes:
* Drop Python2 support
* Fix a bug with stream updates (and CONTROLLER_WAIT)
https://github.com/meejah/txtorcon/releases/tag/v23.0.0
Top commit has no ACKs.
Tree-SHA512: 1a3cc28d05ab90cf1e33fcd5322b099e0674bffa5879a93330857c14113a32c71cad708f2c01e680a3229ad3aaea27c9baaf076ee9786d48db808d61412a5978
c8eef50e93 Migrate to modern packaging and src layout (roshii)
Pull request description:
- Migrate to src-layout following https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#src-layout to facilitate automatic package discovery and editable installs.
- Create `joinmarket` namespace distribution package in line with https://packaging.python.org/en/latest/guides/packaging-namespace-packages/
- Migrate to `pyproject.toml` file for project configuration instead of legacy `setup.py`
In practice:
- Joinmarket packages are moved to `src` folder, with their respective test moved to `test` folder at project root
- Optional dependencies definitions groups allows a granular installation depending on user needs
- Integrated test cannot be run prior to subpackages' respective test, `reactor` is somehow left unclean by the latter., the former test definitions are therefore moved to a dedicated `unified` folder.
- A private module is created in `jmqtui` to be run upon UI update (not tested)
Fixes https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1491
Top commit has no ACKs.
Tree-SHA512: f88c4f58c114700a68cbc451fa37ad53e9e2e07b837c20ac4d83a73e6803a28a4a38ec68320932ba309a72107d6747f37465f9898a9cdf0e2f210aa067146e1b
c08e824d02 build(deps): update tor from v0.4.7.13 to v0.4.8.7 (theborakompanioni)
Pull request description:
Updates local tor from v0.4.7.13 to v0.4.8.7.
~~Release notes: 51cefce3e6~~
ACKs for top commit:
kristapsk:
ACK c08e824d02
Tree-SHA512: cf4368ec95897b22ed94b228f1d0feb9a08c939ecec5b82f84d5d68df43aa0d7898907856ca53d5bb9a3b4da26b2e8611d37a86fe59f12ab0160287477331b11
Adam Gibson
dependabot[bot]
Kristaps Kaupe
roshii
st3b1t
theborakompanioni