JARR is a web news aggregator.

jaesivsm, updated 🕥 2023-02-16 06:02:48

JARR

Presentation

JARR (which stands for Just Another RSS Reader) is a web-based news aggregator and reader.

JARR is under ongoing developments and functionnalities are regularly added. For past and futur updates see the milestones.

The particularity of this project is to allow for article Clustering either on links or on content through TF-IDF.

Official instance

You can use the instance of JARR run by the maintainer on app.jarr.info or try out the api at api.jarr.info.

Installation

To use and host your own instance of JARR please see installation instruction

Security

Please refer to the security instruction.

License

JARR is under the GNU Affero General Public License version 3.

Issues

Bump werkzeug from 2.1.2 to 2.2.3

opened on 2023-02-16 06:02:47 by dependabot[bot]

Bumps werkzeug from 2.1.2 to 2.2.3.

Release notes

Sourced from werkzeug's releases.

2.2.3

This is a fix release for the 2.2.x release branch.

Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3

Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323

https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

2.2.2

This is a fix release for the 2.2.0 feature release.

Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2

Milestone: https://github.com/pallets/werkzeug/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1

Milestone: https://github.com/pallets/werkzeug/milestone/24?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-0

Milestone: https://github.com/pallets/werkzeug/milestone/20?closed=1

Changelog

Sourced from werkzeug's changelog.

Version 2.2.3

Released 2023-02-14

Ensure that URL rules using path converters will redirect with strict slashes when the trailing slash is missing. :issue:2533

Type signature for get_json specifies that return type is not optional when silent=False. :issue:2508

parse_content_range_header returns None for a value like bytes */-1 where the length is invalid, instead of raising an AssertionError. :issue:2531

Address remaining ResourceWarning related to the socket used by run_simple. Remove prepare_socket, which now happens when creating the server. :issue:2421

Update pre-existing headers for multipart/form-data requests with the test client. :issue:2549

Fix handling of header extended parameters such that they are no longer quoted. :issue:2529

LimitedStream.read works correctly when wrapping a stream that may not return the requested size in one read call. :issue:2558

A cookie header that starts with = is treated as an empty key and discarded, rather than stripping the leading ==.

Specify a maximum number of multipart parts, default 1000, after which a RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use.

Version 2.2.2

Released 2022-08-08

Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. :pr:2489

Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. :pr:2489

Update subpackage imports in :mod:werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. :pr:2493

Parsing of some invalid header characters is more robust. :pr:2494

When starting the development server, a warning not to use it in a production deployment is always shown. :issue:2480

LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. :issue:2485

Address one ResourceWarning related to the socket used by run_simple. :issue:2421

... (truncated)

Commits

22a254f release version 2.2.3
517cac5 Merge pull request from GHSA-xg9f-g7g7-2323
babc8d9 rewrite docs about request data limits
09449ee clean up docs
fe899d0 limit the maximum number of multipart form parts
cf275f4 Merge pull request from GHSA-px8h-6qxv-m22q
8c2b4b8 don't strip leading = when parsing cookie
7c7ce5c [pre-commit.ci] pre-commit autoupdate (#2585)
19ae03e [pre-commit.ci] auto fixes from pre-commit.com hooks
a83d3b8 [pre-commit.ci] pre-commit autoupdate
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jaesivsm/JARR/network/alerts).

Cannot get feed news update

opened on 2023-02-12 12:17:34 by Cannaxuan

Dear François Schmidts,

Thanks for your work on JaRR. I used the instance of JARR run onapp.jarr.info and it works well.

However, after I git clone the project code from the master branch and run it on my local machine, I cannot get my feed news refreshed (see below).

Message fromjarr-jarr-server-1

2023-02-12 20:00:43 {"timestamp": "2023-02-12T12:00:43.583061Z", "message": "Starting new HTTPS connection (1): rss.nytimes.com:443", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "Starting new HTTPS connection (%d): %s:%s", "stack_info": null} 2023-02-12 20:00:45 {"timestamp": "2023-02-12T12:00:45.446008Z", "message": "https://rss.nytimes.com:443 \"GET /services/xml/rss/nyt/World.xml HTTP/1.1\" 200 23215", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "%s://%s:%s \"%s %s %s\" %s %s", "stack_info": null} 2023-02-12 20:00:45 {"timestamp": "2023-02-12T12:00:45.500295Z", "message": "'site_link' already field", "host": "3ca8cebc6109", "path": "/jarr/jarr/controllers/feed_builder.py", "tags": [], "level": "DEBUG", "logger": "jarr.controllers.feed_builder", "msg": "%r already field", "stack_info": null} 2023-02-12 20:00:45 {"timestamp": "2023-02-12T12:00:45.500663Z", "message": "'link' already field", "host": "3ca8cebc6109", "path": "/jarr/jarr/controllers/feed_builder.py", "tags": [], "level": "DEBUG", "logger": "jarr.controllers.feed_builder", "msg": "%r already field", "stack_info": null} 2023-02-12 20:00:45 {"timestamp": "2023-02-12T12:00:45.501529Z", "message": "Starting new HTTPS connection (1): www.nytimes.com:443", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "Starting new HTTPS connection (%d): %s:%s", "stack_info": null} 2023-02-12 20:00:45 {"timestamp": "2023-02-12T12:00:45.781576Z", "message": "https://www.nytimes.com:443 \"GET /section/world HTTP/1.1\" 200 132407", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "%s://%s:%s \"%s %s %s\" %s %s", "stack_info": null} 2023-02-12 20:00:45 {"timestamp": "2023-02-12T12:00:45.858585Z", "message": "Starting new HTTPS connection (1): www.nytimes.com:443", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "Starting new HTTPS connection (%d): %s:%s", "stack_info": null} 2023-02-12 20:00:45 {"timestamp": "2023-02-12T12:00:45.935189Z", "message": "https://www.nytimes.com:443 \"GET /vi-assets/static-assets/favicon-d2483f10ef688e6f89e23806b9700298.ico HTTP/1.1\" 200 1671", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "%s://%s:%s \"%s %s %s\" %s %s", "stack_info": null} 2023-02-12 20:00:48 {"timestamp": "2023-02-12T12:00:48.511595Z", "message": "Starting new HTTPS connection (1): www.nytimes.com:443", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "Starting new HTTPS connection (%d): %s:%s", "stack_info": null} 2023-02-12 20:00:48 {"timestamp": "2023-02-12T12:00:48.711810Z", "message": "https://www.nytimes.com:443 \"GET /vi-assets/static-assets/favicon-d2483f10ef688e6f89e23806b9700298.ico HTTP/1.1\" 200 1671", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/urllib3/connectionpool.py", "tags": [], "level": "DEBUG", "logger": "urllib3.connectionpool", "msg": "%s://%s:%s \"%s %s %s\" %s %s", "stack_info": null} 2023-02-12 20:01:20 {"timestamp": "2023-02-12T12:01:20.213941Z", "message": "WORKER TIMEOUT (pid:26)", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/gunicorn/glogging.py", "tags": [], "level": "CRITICAL", "logger": "gunicorn.error", "msg": "WORKER TIMEOUT (pid:%s)", "stack_info": null} 2023-02-12 20:01:22 {"timestamp": "2023-02-12T12:01:22.465997Z", "message": "WORKER TIMEOUT (pid:9)", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/gunicorn/glogging.py", "tags": [], "level": "CRITICAL", "logger": "gunicorn.error", "msg": "WORKER TIMEOUT (pid:%s)", "stack_info": null} 2023-02-12 20:08:56 {"timestamp": "2023-02-12T12:08:56.294236Z", "message": "WORKER TIMEOUT (pid:15)", "host": "3ca8cebc6109", "path": "/jarr/.local/share/virtualenvs/jarr-08iWm22F/lib/python3.9/site-packages/gunicorn/glogging.py", "tags": [], "level": "CRITICAL", "logger": "gunicorn.error", "msg": "WORKER TIMEOUT (pid:%s)", "stack_info": null}

Could you help me to solve this issue? The feed url is: https://rss.nytimes.com/services/xml/rss/nyt/World.xml

Many thanks! Canna

Bump ipython from 8.9.0 to 8.10.0

opened on 2023-02-11 02:35:08 by dependabot[bot]

Bumps ipython from 8.9.0 to 8.10.0.

Commits

15ea1ed release 8.10.0
560ad10 DOC: Update what's new for 8.10 (#13939)
7557ade DOC: Update what's new for 8.10
385d693 Merge pull request from GHSA-29gw-9793-fvw7
e548ee2 Swallow potential exceptions from showtraceback() (#13934)
0694b08 MAINT: mock slowest test. (#13885)
8655912 MAINT: mock slowest test.
a011765 Isolate the attack tests with setUp and tearDown methods
c7a9470 Add some regression tests for this change
fd34cf5 Swallow potential exceptions from showtraceback()
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

install on vps

opened on 2023-02-10 17:42:11 by KvizadSaderah

Hello sir!

Can you help me debug, again?

I'm trying to install JARR to VPS to my domain like https://example.com

And i'm using apache to route it, but can't achive result.

Can you help me what is wrong, and how to fix that?

cat prod.yml

``` version: '3' services: jarr-server: build: context: ../. dockerfile: ./Dockerfiles/server ports: - "127.0.0.1:8500:8000" # You'll a folder with at least jarr.json, logging.ini and gunicorn.py volumes: - ../example_conf/:/etc/jarr:ro depends_on: - postgres - redis - rabbitmq networks: jarr: jarr-front: build: context: ../. dockerfile: ./Dockerfiles/front args: PUBLIC_URL: http://example.com:8501/ REACT_APP_API_URL: http://localhost:8500/ ports: - "127.0.0.1:8501:80" depends_on: - jarr-server networks: - jarr jarr-worker: build: context: ../. dockerfile: ./Dockerfiles/server # You'll a folder with at least jarr.json, logging.ini and gunicorn.py volumes: - ../example_conf/:/etc/jarr:ro depends_on: - postgres - redis - rabbitmq networks: - jarr rabbitmq: container_name: rabbitmq hostname: rabbitmq image: rabbitmq networks: - jarr redis: container_name: redis hostname: redis image: redis networks: - jarr postgres: container_name: postgres hostname: postgres image: postgres:13 ports: - 127.0.0.1:5432:5432 networks: - jarr # remove that on real prod env and set proper db password environment: - POSTGRES_PASSWORD=E5XrjanDTeUUiG3P4caPHBnddcgBxYoTdPJ4SMdq7awLn3BBzz - POSTGRES_HOST_AUTH_METHOD=trust # Directory in which your db will save its data, change it to some absolute path volumes: - ../.jarr-data:/var/lib/postgresql/data

networks: jarr: ```

cat example.com.conf

``` ServerName example.com ServerAlias www.example.com ErrorLog /var/log/apache2/example-error.log CustomLog /var/log/apache2/example-access.log combined

# Redirect all HTTP traffic to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

```

upd: tried to run local on debian VM to (with default settings) to check if it works for me, or i'm doing something wrong from beginning, so it's works localy. But how to tide it to custom domain? that it would work? >_<

Bump cryptography from 39.0.0 to 39.0.1

opened on 2023-02-08 05:26:51 by dependabot[bot]

Bumps cryptography from 39.0.0 to 39.0.1.

Changelog

Sourced from cryptography's changelog.

39.0.1 - 2023-02-07

* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931** * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.

.. _v39-0-0:

Commits

d6951dc changelog + security fix backport (#8231)
138da90 workaround scapy bug in downstream tests (#8218) (#8228)
69527bc bookworm is py311 now (#8200)
111deef backport main branch CI to 39.0.x (#8153)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Found a possible security concern

opened on 2022-07-06 10:08:40 by JamieSlome

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@saharshtapi) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

Releases

v1.0.2 Madrid 2016-07-24 23:24:28

Various enhancement, improving installation process, fixing some article reading problem and small bug.

Issues closed by that release: - handling article with relative link in their content #43 - redoing the install process and moving conf from conf.py to a more secure jarr.json located either in /etc ~/.config/ or in the project directory #40 - adding JS validator for adding feed / category #38 - handling img treated as active mixed content (see here for explanations) #45 - handling known iframe (youtube and vimeo) so there are not blocked because of mixed content #44 - bugfix for feed's filters edition #42

Related milestone

v1.0.1 Divlyn 2016-05-03 08:59:24

Fixing bugs reported after v1.0.0, mostly UI and UX problem.

Issue closed with this ticket: - fixing display of article with large link #10 - various style fix #37 - Truncate very long titles in the item presentation component #25 - Add title attribute to buttons #26 - fix all dates #4 - negatif unread count when "marking all as read" #11

Related milestone

v1.0.0 Lisboa 2016-04-17 22:17:30

First stable release, see release note !

Issue closed with this ticket: - adding an oauth support for linuxfr #33 - JARR wasn't usable through firefox mobile because of a lib #31 - redo install process improvement #5 - couldn't delete user with feeds / article bug #32 - removing now useless pages #12 - mark all as read didn't hide listed article #23 - Fixing feed and category edition #21 - change favicon improvement minor #17 - limiting read/write rights through api #1

Related milestone

François

GitHub Repository Homepage

python rss atom feed-reader news-aggregator