Publish a new package, loguru-hardened, with security focussed defaults #1136
I don't know why 3.13 build fails, maybe try rebasing (a few libraries were updated since then)?
if it's serialized by default, should we also remove level time from default format?
c5f9775 to 92cd74c
I don't follow, could you give a code example of what you mean or explain further?
from

```python
LOGURU_FORMAT = env(
    "LOGURU_FORMAT",
    str,
    "<green>{time:YYYY-MM-DD HH:mm:ss.SSS}</green> | "
    "<level>{level: <8}</level> | "
    "<cyan>{name}</cyan>:<cyan>{function}</cyan>:<cyan>{line}</cyan> - <level>{message}</level>",
)
```

to

```python
LOGURU_FORMAT = env("LOGURU_FORMAT", str, "{message}")
```
@@ -40,6 +40,7 @@ Installation | |||
|
|||
pip install loguru | |||
|
|||
Or if you need more secure defaults, install ``loguru-hardened``. |
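Review bot: The added README sentence "Or if you need more secure defaults, install ``loguru-hardened``." names the package but gives neither the install command nor which defaults differ, while the context line above it shows `pip install loguru`. Suggest following the sentence with the matching command, `pip install loguru-hardened`, and one sentence or link listing the defaults the hardened package changes, so readers can tell which package they need.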
I also mentioned loguru-hardened in the README, but I could not find a release action configured, so I'm not sure how to make sure hardened is also released when a new release is created.
Indeed, since there is no GitHub Action, I need to do it manually for now.
I could open up another PR with release workflows if you would like that. I don't know what currently goes into the manual release actions, but it might be a nice setup to simplify maintenance.
I finally fixed CI for Python 3.5 and 3.13, can you try rebasing the PR please?
Introduce a separate script that will override a few files to harden loguru defaults and build a loguru-hardened package, then revert the changes using git.