From 660ef7253287deddd4f90f70ecc5c2238ab72aa9 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Sun, 23 Apr 2023 21:20:45 +0100
Subject: [PATCH] Update non-database dependencies

---
 app/__init__.py                     |   8 ++-
 app/blueprints/packages/packages.py |   7 +-
 app/flatpages/help.md               |  32 ++++-----
 app/flatpages/help/faq.md           |   2 +-
 app/flatpages/privacy_policy.md     |   2 +-
 app/markdown.py                     |  13 ++--
 requirements.lock.txt               | 107 +++++++++++++---------------
 7 files changed, 84 insertions(+), 87 deletions(-)

diff --git a/app/__init__.py b/app/__init__.py
index ad128d22..2f429775 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -57,7 +57,7 @@ github = GitHub(app)
 csrf = CSRFProtect(app)
 mail = Mail(app)
 pages = FlatPages(app)
-babel = Babel(app)
+babel = Babel()
 gravatar = Gravatar(app,
 		size=64,
 		rating="g",
@@ -145,7 +145,6 @@ def server_error(e):
 	return render_template("500.html"), 500
 
 
-@babel.localeselector
 def get_locale():
 	if not request:
 		return None
@@ -163,12 +162,15 @@ def get_locale():
 		with models.db.create_session({})() as new_session:
 			new_session.query(models.User) \
 				.filter(models.User.username == current_user.username) \
-				.update({ "locale": locale })
+				.update({"locale": locale})
 			new_session.commit()
 
 	return locale
 
 
+babel.init_app(app, locale_selector=get_locale)
+
+
 @app.route("/set-locale/", methods=["POST"])
 @csrf.exempt
 def set_locale():
diff --git a/app/blueprints/packages/packages.py b/app/blueprints/packages/packages.py
index fd4d3e75..1a8ae885 100644
--- a/app/blueprints/packages/packages.py
+++ b/app/blueprints/packages/packages.py
@@ -20,7 +20,7 @@ from flask import render_template, make_response
 from celery import uuid
 from flask_wtf import FlaskForm
 from flask_login import login_required
-from jinja2 import Markup
+from jinja2.utils import markupsafe
 from sqlalchemy import func
 from sqlalchemy.orm import joinedload, subqueryload
 from wtforms import *
@@ -196,8 +196,7 @@ def shield(package, type):
 		url = "https://img.shields.io/static/v1?label=ContentDB&message={}&color={}" \
 			.format(urlescape(package.title), urlescape("#375a7f"))
 	elif type == "downloads":
-		#api_url = abs_url_for("api.package", author=package.author.username, name=package.name)
-		api_url = "https://content.minetest.net" + url_for("api.package", author=package.author.username, name=package.name)
+		api_url = abs_url_for("api.package", author=package.author.username, name=package.name)
 		url = "https://img.shields.io/badge/dynamic/json?color={}&label=ContentDB&query=downloads&suffix=+downloads&url={}" \
 			.format(urlescape("#375a7f"), urlescape(api_url))
 	else:
@@ -268,7 +267,7 @@ def handle_create_edit(package: typing.Optional[Package], form: PackageForm, aut
 					gettext("Package already exists, but is removed. Please contact ContentDB staff to restore the package"),
 					"danger")
 			else:
-				flash(Markup(
+				flash(markupsafe.Markup(
 					f"<a class='btn btn-sm btn-danger float-right' href='{package.getURL('packages.view')}'>View</a>" +
 					gettext("Package already exists")), "danger")
 			return None
diff --git a/app/flatpages/help.md b/app/flatpages/help.md
index 3e42ee44..042720da 100644
--- a/app/flatpages/help.md
+++ b/app/flatpages/help.md
@@ -9,29 +9,29 @@ toc: False
 
 ## General Help
 
-* [Frequently Asked Questions](faq)
-* [Content Ratings and Flags](content_flags)
-* [Non-free Licenses](non_free)
-* [Why WTFPL is a terrible license](wtfpl)
-* [Ranks and Permissions](ranks_permissions)
-* [Contact Us](contact_us)
-* [Top Packages Algorithm](top_packages)
-* [Featured Packages](featured)
+* [Frequently Asked Questions](faq/)
+* [Content Ratings and Flags](content_flags/)
+* [Non-free Licenses](non_free/)
+* [Why WTFPL is a terrible license](wtfpl/)
+* [Ranks and Permissions](ranks_permissions/)
+* [Contact Us](contact_us/)
+* [Top Packages Algorithm](top_packages/)
+* [Featured Packages](featured/)
 
 ## Help for Package Authors
 
 * [Package Inclusion Policy and Guidance](/policy_and_guidance/)
-* [Copyright Guide](copyright)
-* [Git Update Detection](update_config)
-* [Creating Releases using Webhooks](release_webhooks)
-* [Package Configuration and Releases Guide](package_config)
-* [Supported Games](game_support)
+* [Copyright Guide](copyright/)
+* [Git Update Detection](update_config/)
+* [Creating Releases using Webhooks](release_webhooks/)
+* [Package Configuration and Releases Guide](package_config/)
+* [Supported Games](game_support/)
 
 ## Help for Specific User Ranks
 
-* [Editors](editors)
+* [Editors](editors/)
 
 ## APIs
 
-* [API](api)
-* [Prometheus Metrics](metrics)
+* [API](api/)
+* [Prometheus Metrics](metrics/)
diff --git a/app/flatpages/help/faq.md b/app/flatpages/help/faq.md
index 25def94f..1e72752e 100644
--- a/app/flatpages/help/faq.md
+++ b/app/flatpages/help/faq.md
@@ -30,7 +30,7 @@ try registering again in 12 hours. Unconfirmed accounts are deleted after 12 hou
 
 **When changing your email (or it was set after a forum-based registration)**:
 then you can just set a new email in
-[Settings > Email and Notifications](https://content.minetest.net/user/settings/email/).
+[Settings > Email and Notifications](/user/settings/email/).
 
 If you have previously unsubscribed this email, then ContentDB is completely prevented from sending emails to that
 address. You'll need to use a different email address, or [contact rubenwardy](https://rubenwardy.com/contact/) to
diff --git a/app/flatpages/privacy_policy.md b/app/flatpages/privacy_policy.md
index b7587a6c..e2308378 100644
--- a/app/flatpages/privacy_policy.md
+++ b/app/flatpages/privacy_policy.md
@@ -79,7 +79,7 @@ requested. See below.
 
 ## Removal Requests
 
-Please [raise a report](https://content.minetest.net/report/?anon=0) if you
+Please [raise a report](/report/?anon=0) if you
 wish to remove your personal information.
 
 ContentDB keeps a record of each username and forum topic on the forums,
diff --git a/app/markdown.py b/app/markdown.py
index 0eb1f49f..88d04135 100644
--- a/app/markdown.py
+++ b/app/markdown.py
@@ -5,7 +5,8 @@ from bleach import Cleaner
 from bleach.linkifier import LinkifyFilter
 from bs4 import BeautifulSoup
 from markdown import Markdown
-from flask import Markup, url_for
+from flask import url_for
+from jinja2.utils import markupsafe
 from markdown.extensions import Extension
 from markdown.inlinepatterns import SimpleTagInlineProcessor
 from markdown.inlinepatterns import Pattern
@@ -16,7 +17,7 @@ from xml.etree import ElementTree
 #
 # License: MIT
 
-ALLOWED_TAGS = [
+ALLOWED_TAGS = {
 	"h1", "h2", "h3", "h4", "h5", "h6", "hr",
 	"ul", "ol", "li",
 	"p",
@@ -30,7 +31,7 @@ ALLOWED_TAGS = [
 	"img",
 	"table", "thead", "tbody", "tr", "th", "td",
 	"div", "span", "del", "s",
-]
+}
 
 ALLOWED_CSS = [
 	"highlight", "codehilite",
@@ -58,7 +59,7 @@ ALLOWED_ATTRIBUTES = {
 	"span": allow_class,
 }
 
-ALLOWED_PROTOCOLS = ["http", "https", "mailto"]
+ALLOWED_PROTOCOLS = {"http", "https", "mailto"}
 
 md = None
 
@@ -143,11 +144,11 @@ def init_markdown(app):
 
 	md = Markdown(extensions=MARKDOWN_EXTENSIONS,
 			extension_configs=MARKDOWN_EXTENSION_CONFIG,
-			output_format="html5")
+			output_format="html")
 
 	@app.template_filter()
 	def markdown(source):
-		return Markup(render_markdown(source))
+		return markupsafe.Markup(render_markdown(source))
 
 
 def get_headings(html: str):
diff --git a/requirements.lock.txt b/requirements.lock.txt
index 2dc4f976..6b2a77a8 100644
--- a/requirements.lock.txt
+++ b/requirements.lock.txt
@@ -1,82 +1,77 @@
-alembic==1.7.5
-amqp==5.0.9
-attrs==21.4.0
-Babel==2.9.1
-bcrypt==3.2.0
-beautifulsoup4==4.10.0
+alembic==1.10.3
+amqp==5.1.1
+async-timeout==4.0.2
+Babel==2.12.1
+bcrypt==4.0.1
+beautifulsoup4==4.12.2
 billiard==3.6.4.0
-bleach==4.1.0
-blinker==1.4
-celery==5.2.3
+bleach==6.0.0
+blinker==1.6.2
+celery==5.2.7
 certifi==2022.12.7
-cffi==1.15.0
-charset-normalizer==2.0.10
-click==8.0.3
+charset-normalizer==3.1.0
+click==8.1.3
 click-didyoumean==0.3.0
 click-plugins==1.1.1
 click-repl==0.2.0
-coverage==6.3
+coverage==7.2.3
 decorator==5.1.1
-Deprecated==1.2.13
-dnspython==2.2.0
-email-validator==1.1.3
-Flask==2.0.2
-Flask-Babel==2.0.0
+dnspython==2.3.0
+email-validator==2.0.0.post1
+exceptiongroup==1.1.1
+Flask==2.2.3
+flask-babel==3.1.0
 Flask-FlatPages==0.8.1
 Flask-Gravatar==0.5.0
-Flask-Login==0.5.0
+Flask-Login==0.6.2
 Flask-Mail==0.9.1
 Flask-Migrate==3.1.0
 Flask-SQLAlchemy==2.5.1
-Flask-WTF==1.0.0
-git-archive-all==1.23.0
-gitdb==4.0.9
+Flask-WTF==1.1.1
+git-archive-all==1.23.1
+gitdb==4.0.10
 GitHub-Flask==3.2.0
-GitPython==3.1.30
-greenlet==1.1.2
+GitPython==3.1.31
+greenlet==2.0.2
 gunicorn==20.1.0
-idna==3.3
-iniconfig==1.1.1
-itsdangerous==2.0.1
-Jinja2==3.0.3
-kombu==5.2.3
-libsass==0.21.0
-lxml==4.9.1
-Mako==1.2.2
-Markdown==3.3.6
-MarkupSafe==2.1.1
-packaging==21.3
+idna==3.4
+iniconfig==2.0.0
+itsdangerous==2.1.2
+Jinja2==3.1.2
+kombu==5.2.4
+libsass==0.22.0
+lxml==4.9.2
+Mako==1.2.4
+Markdown==3.4.3
+MarkupSafe==2.1.2
+packaging==23.1
 passlib==1.7.4
-Pillow==9.3.0
+Pillow==9.5.0
 pluggy==1.0.0
-prompt-toolkit==3.0.26
-psycopg2==2.9.3
-py==1.11.0
-pycparser==2.21
-Pygments==2.11.2
-pyparsing==3.0.7
-pytest==6.2.5
-pytest-cov==3.0.0
-pytz==2021.3
+prompt-toolkit==3.0.38
+psycopg2==2.9.6
+Pygments==2.15.1
+pytest==7.3.1
+pytest-cov==4.0.0
+pytz==2023.3
 PyYAML==6.0
-redis==4.4.4
-requests==2.27.1
+redis==4.5.4
+requests==2.28.2
 six==1.16.0
 smmap==5.0.0
-soupsieve==2.3.1
+soupsieve==2.4.1
 SQLAlchemy==1.4.31
 SQLAlchemy-Searchable==1.4.1
 SQLAlchemy-Utils==0.38.2
-toml==0.10.2
-tomli==2.0.0
-ua-parser==0.10.0
-urllib3==1.26.8
+tomli==2.0.1
+typing_extensions==4.5.0
+ua-parser==0.16.1
+urllib3==1.26.15
 user-agents==2.2.0
-validators==0.18.2
+validators==0.20.0
 vine==5.0.0
-wcwidth==0.2.5
+wcwidth==0.2.6
 webencodings==0.5.1
-Werkzeug==2.0.2
-wrapt==1.13.3
+Werkzeug==2.2.3
 WTForms==3.0.1
 WTForms-SQLAlchemy==0.3