chore(deps): bump pygments from 2.19.2 to 2.20.0#2
Closed
dependabot[bot] wants to merge 38 commits into
Closed
Conversation
…pt types Full-featured script management desktop app (FastAPI + Alpine.js + pywebview): - 18 script types: python, bash, sh, zsh, node, ruby, perl, php, go, r, julia, swift, deno, lua, java, powershell, executable, other - Runtime discovery: scans system for installed interpreters (pyenv, nvm, homebrew, system) with version detection and caching - Python environment management: detect, create, and associate venvs; view, install, and uninstall packages via pip - Interpreter dropdown in script modal with discovered runtimes - Auto-migration for existing SQLite databases (venv_path, interpreter_version) - Scheduling (interval/cron/specific time), health scores, notifications - PyInstaller packaging for macOS/Windows/Linux Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add native file/folder browser dialogs via pywebview JS API for script path, working directory, and venv path fields (with auto script type detection from file extension) - Add pre-save dependency check (POST /api/scripts/validate-config) that validates interpreter availability, script file existence, venv, and working directory before saving — shown inline in the script modal - Fix Details button not working (Alpine.js x-for only supports one root element; wrapped both table rows in per-script tbody) - Add adaptive polling: scripts page polls every 2s after Run until done; dashboard polls 2s when scripts running, 10s when idle - Hydrate SMTP and digest settings from DB on startup so saved settings persist across app restarts without requiring re-save Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ubuntu 24.04 renamed libwebkit2gtk-4.0-dev to 4.1. Also set fail-fast: false so one platform failure doesn't cancel others. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adopt uv as the recommended dev workflow — no system Python install needed. Adds pyproject.toml with dependency groups, uv.lock for reproducible installs, and updates build scripts, CI, and docs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Setuptools auto-discovery was finding assets, backend, and frontend as top-level packages and refusing to build. Explicitly include only backend. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ompat pip doesn't support PEP 735 dependency-groups, so `pip install .[dev]` wasn't installing pytest in CI. Use project.optional-dependencies instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PyInstaller-bundled Python on macOS can't locate the system certificate store, causing CERTIFICATE_VERIFY_FAILED when testing SMTP connections. Use certifi's bundled CA certificates for both send_email and test_smtp_connection. Also fix README webkit2gtk version reference. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Adds Categories tab in Settings with add/rename/recolor/delete
- New PUT /api/scripts/categories/{id} endpoint
- Delete now nulls script.category_id (SQLite FKs aren't enforced)
- Removes cascade="all, delete-orphan" on Category.scripts (was a
landmine that could delete scripts on category delete)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Frontend-only feature design (Cancel buttons on dashboard, scripts row, and run detail modal) with one additive backend field on ScriptResponse. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7 TDD tasks covering backend running_run_id field, shared cancelRun helper, and Cancel buttons on dashboard, scripts row, and run-detail modal. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add find_running_run() helper and use it in list_scripts and get_script to populate is_running plus a new running_run_id field. The Scripts page Cancel button needs the run_id to call /kill.
Lets callers distinguish 404 from 5xx. Used by the upcoming cancelRun() helper to silently treat 'process already gone' as success.
Encapsulates confirm prompt, API call, and toast feedback so all three Cancel-button surfaces use identical behavior.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The parameter was named running_processes, shadowing the module-level import of the same name from backend.executor. Functionally fine but slightly confusing at the call sites. Rename to tracked_processes; docstring updated to clarify the relationship. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace per-component polling with a single SSE event stream (runs.changed, scripts.changed, categories.changed, settings.changed) plus a floating manual Refresh button. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7 TDD tasks: events.py pub/sub primitives, /api/events SSE endpoint, mutation emit calls, frontend event bus on Alpine store, component subscriptions (replacing per-page pollers), floating Refresh button, end-to-end manual verification. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Single-process desktop app, so a module-level subscribers list is fine. Non-blocking emit drops events for slow consumers rather than stalling the publisher.
Each connection gets its own asyncio.Queue. Yields an initial 'connected' frame, then events as they arrive, with a 30s 'ping' heartbeat to keep the connection alive. Note: TestClient + sse-starlette deadlock (both httpx.ASGITransport and Starlette's _TestClientTransport buffer the full response before returning, so infinite SSE generators hang). Tests use generator-level unit tests (direct async iteration + mock Request) and a route-table assertion instead of the sync streaming client pattern. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EventSourceResponse already pings every 15s by default. The manual 30s wait_for/TimeoutError ping was duplicating that. queue.get() now blocks indefinitely; sse-starlette's framework ping keeps the connection alive on its own cadence. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
executor + scripts/schedules/runs/settings/cron handlers now publish runs.changed, scripts.changed, categories.changed, or settings.changed after their commits, picked up by SSE subscribers.
The early-exit when validate_script() finds issues commits status=failed but was missing the events.emit call, leaving the UI stuck showing the run as 'running' until the next refresh. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Opens one EventSource on auth-confirmed init, routes events to per-component subscriber callbacks, exposes refreshCurrentPage() for the upcoming floating Refresh button, reconnects with exponential backoff (1s -> 30s) on error.
I-1: Move backoff reset from server-frame 'connected' to network-level 'onopen' — eliminates backoff creep under flapping reconnects. I-3: Capture subscribers Set by closure in subscribeEvents — defensive against future teardown code that might replace the per-event-type Set. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
dashboard, scripts, history, and settings components now register themselves with the page-refresher registry and subscribe to relevant SSE events with a 200ms debounce. Dashboard's _scheduleRefresh chain and scripts' _startRunPoll interval are removed; SSE drives freshness instead.
Bottom-right circular button. Border color reflects SSE state (green when connected, gray when disconnected). Click triggers refresh on whatever page is currently visible. Hidden when unauthenticated.
z-index: lower the floating Refresh button below modal-overlay so an open modal correctly covers it (otherwise the user can click through the dimmed backdrop and trigger a refresh mid-edit). toast position: push the toast container up by ~64px so toasts no longer render directly over the FAB. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
scheduler.run_scheduled_script now emits scripts.changed after updating Schedule.next_run, so the Scripts page expanded-schedule view's "Next: <time>" doesn't go stale until the next user action. refreshCurrentPage() now wraps the registered refresh in try/catch and shows an error toast on failure, giving users visible feedback when the backend is unreachable (the precise scenario the manual button was added to handle). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Distinguishes "lost connection, retrying" (yellow border + subtle pulse) from "first-time failure or given up" (gray border). New sseReconnecting state on the store flips true in _scheduleReconnect and false on EventSource onopen. Closes a spec gap from the original SSE design. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
R1: pin softprops/action-gh-release@v2 to commit 3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 to mitigate supply-chain risk. The release job has contents:write, so a maintainer compromise on a floating tag would be high-impact. O1: add top-level permissions: contents:read so test/build jobs can't inherit anything broader. The release job's existing per-job contents:write still applies (job perms override workflow defaults). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Without an explicit license, default copyright forbids reuse. MIT matches the project's de facto permissive posture and is the simplest license for users embedding or modifying GridRunner. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Gives security reporters a private channel instead of a public issue. Notes the in-scope categories for a single-user 127.0.0.1-bound desktop app and clarifies that AUTH_ENABLED=false is intentional. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous default ('change-me-in-production-...') was used by every
install that didn't override GRIDRUNNER_SECRET_KEY, meaning session
cookies could in principle be forged across installs by anyone reading
the public source. Now the key is generated at first run, written to
~/.gridrunner/secret_key (mode 0600), and reused thereafter. The env
var still wins when explicitly set.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](pygments/pygments@2.19.2...2.20.0) --- updated-dependencies: - dependency-name: pygments dependency-version: 2.20.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps pygments from 2.19.2 to 2.20.0.
Release notes
Sourced from pygments's releases.
Changelog
Sourced from pygments's changelog.
Commits
708197dFix underline length.1d4538aPrepare 2.20 release.2ceaee4Update CHANGES.e3a3c54Fix Haskell lexer: handle escape sequences in character literals (#3069)d7c3453Merge pull request #3071 from pygments/harden-html-formatter0f97e7cHarden the HTML formatter against CSS.9f981b2Update CHANGES.1d88915Update CHANGES.c3d93adFix ASN.1 lexer: recognize minus sign and fix range operator (#3060)4f06bcffix bad behaving backtracking regex in CommonLispLexerDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.