Upgrade python to 3.11

.github/workflows/ci.yml

@@ -30,7 +30,7 @@ jobs:
       - name: Install Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.8'
+          python-version: '3.11'
       - name: Cache the .tox dir
         uses: actions/cache@v3
         with:
@@ -47,7 +47,7 @@ jobs:
       - name: Install Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.8'
+          python-version: '3.11'
       - name: Cache the .tox dir
         uses: actions/cache@v3
         with:
@@ -82,7 +82,7 @@ jobs:
       - name: Install Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.8'
+          python-version: '3.11'
       - name: Cache the .tox dir
         uses: actions/cache@v3
         with:
@@ -109,7 +109,7 @@ jobs:
       - name: Install Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.8'
+          python-version: '3.11'
       - name: Cache the .tox dir
         uses: actions/cache@v3
         with:
@@ -152,7 +152,7 @@ jobs:
       - name: Install Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.8'
+          python-version: '3.11'
       - name: Cache the .tox dir
         uses: actions/cache@v3
         with:

.python-version

@@ -1 +1 @@
-3.8.12
+3.11.7

Dockerfile

@@ -15,7 +15,7 @@ COPY h/static ./h/static
 RUN yarn build
 
 # Stage 2: Build the rest of the app using the build output from Stage 1.
-FROM python:3.8.12-alpine3.13
+FROM python:3.11.7-alpine3.19
 LABEL maintainer="Hypothes.is Project and contributors"
 
 # Install system build and runtime dependencies.

h/accounts/schemas.py

@@ -4,7 +4,7 @@
 
 import colander
 import deform
-from jinja2 import Markup
+from markupsafe import Markup
 
 from h import i18n, models
 from h.models.user import (

h/form.py

@@ -5,8 +5,8 @@
 form templates in preference to the defaults.
 """
 import deform
-import jinja2
 import pyramid_jinja2
+from markupsafe import Markup
 from pyramid import httpexceptions
 from pyramid.path import AssetResolver
 
@@ -45,7 +45,7 @@ def __call__(self, template_name, **kwargs):
         context = self._system.copy()
         context.update(kwargs)
 
-        return jinja2.Markup(template.render(context))
+        return Markup(template.render(context))
 
 
 def create_environment(base):

h/presenters/annotation_html.py

@@ -1,5 +1,5 @@
-import jinja2
 from dateutil import parser
+from markupsafe import Markup, escape
 
 from h.presenters.document_html import DocumentHTMLPresenter
 
@@ -16,7 +16,7 @@ def __init__(self, annotation):
 
     @property
     def uri(self):
-        return jinja2.escape(self.annotation.target_uri)
+        return escape(self.annotation.target_uri)
 
     @property
     def text_rendered(self):
@@ -28,15 +28,15 @@ def text_rendered(self):
         care of all necessary escaping.
         """
         if self.annotation.text_rendered:
-            return jinja2.Markup(self.annotation.text_rendered)
-        return jinja2.Markup("")
+            return Markup(self.annotation.text_rendered)
+        return Markup("")
 
     @property
     def quote(self):
         """Get the text in the document which this annotation refers to."""
         selection = self._get_selection()
         if selection:
-            return jinja2.escape(selection)
+            return escape(selection)
 
         return ""
 
@@ -55,12 +55,12 @@ def description(self):
 
         selection = self._get_selection()
         if selection:
-            selection = jinja2.escape(selection)
+            selection = escape(selection)
             description += f"<blockquote>{selection}</blockquote>"
 
         text = self.annotation.text
         if text:
-            text = jinja2.escape(text)
+            text = escape(text)
             description += f"{text}"
 
         return description
@@ -74,7 +74,7 @@ def created_day_string(self):
         date.
 
         """
-        created_string = jinja2.escape(self.annotation.created)
+        created_string = escape(self.annotation.created)
         return parser.parse(created_string).strftime("%Y-%m-%d")
 
     @property

h/presenters/document_html.py

@@ -1,6 +1,6 @@
 from urllib.parse import unquote, urlparse
 
-import jinja2
+import markupsafe
 
 
 class DocumentHTMLPresenter:
@@ -24,7 +24,7 @@ def filename(self):
 
         """
         if self.uri.lower().startswith("file:///"):
-            return jinja2.escape(self.uri.split("/")[-1])
+            return markupsafe.escape(self.uri.split("/")[-1])
         return ""
 
     @property
@@ -44,7 +44,7 @@ def href(self):
 
         """
         if self.document.web_uri:
-            return jinja2.escape(self.document.web_uri)
+            return markupsafe.escape(self.document.web_uri)
         return ""
 
     @property
@@ -64,14 +64,14 @@ def hostname_or_filename(self):
         object so that it doesn't get double-escaped.
         """
         if self.filename:
-            return jinja2.escape(unquote(self.filename))
+            return markupsafe.escape(unquote(self.filename))
 
         hostname = urlparse(self.uri).hostname
 
         # urlparse()'s .hostname is sometimes None.
         hostname = hostname or ""
 
-        return jinja2.escape(hostname)
+        return markupsafe.escape(hostname)
 
     @property
     def link(self):
@@ -129,7 +129,7 @@ def link_text(self):
         Markup object so it doesn't get double-escaped.
 
         """
-        title = jinja2.escape(self.title)
+        title = markupsafe.escape(self.title)
 
         # Sometimes self.title is the annotated document's URI (if the document
         # has no title). In those cases we want to remove the http(s):// from
@@ -160,17 +160,17 @@ def title(self):
             # Convert non-string titles into strings.
             # We're assuming that title cannot be a byte string.
             title = str(title)
-            return jinja2.escape(title)
+            return markupsafe.escape(title)
 
         if self.filename:
-            return jinja2.escape(unquote(self.filename))
+            return markupsafe.escape(unquote(self.filename))
 
-        return jinja2.escape(unquote(self.uri))
+        return markupsafe.escape(unquote(self.uri))
 
     @property
     def uri(self):
         if self.document.document_uris:
-            return jinja2.escape(self.document.document_uris[0].uri)
+            return markupsafe.escape(self.document.document_uris[0].uri)
         return ""
 
     @property
@@ -205,7 +205,7 @@ def truncate(content, length=55):
         if len(content) <= length:
             return content
 
-        return content[:length] + jinja2.Markup("&hellip;")
+        return content[:length] + markupsafe.Markup("&hellip;")
 
     host_or_filename = truncate(host_or_filename)
     link_text = truncate(link_text)
@@ -220,10 +220,10 @@ def truncate(content, length=55):
             link += "<br>{host_or_filename}"
 
     link = link.format(
-        href=jinja2.escape(href),
-        title=jinja2.escape(title),
-        link_text=jinja2.escape(link_text),
-        host_or_filename=jinja2.escape(host_or_filename),
+        href=markupsafe.escape(href),
+        title=markupsafe.escape(title),
+        link_text=markupsafe.escape(link_text),
+        host_or_filename=markupsafe.escape(host_or_filename),
     )
 
-    return jinja2.Markup(link)
+    return markupsafe.Markup(link)

h/views/accounts.py

@@ -4,7 +4,7 @@
 
 import colander
 import deform
-import jinja2
+from markupsafe import Markup
 from pyramid import httpexceptions, security
 from pyramid.exceptions import BadCSRFToken
 from pyramid.view import view_config, view_defaults
@@ -285,7 +285,7 @@ def _reset_password(self, user, password):
         svc.update_password(user, password)
 
         self.request.session.flash(
-            jinja2.Markup(
+            Markup(
                 _(
                     "Your password has been reset. You can now log in with "
                     "your new password."
@@ -321,7 +321,7 @@ def get_when_not_logged_in(self):
         activation = models.Activation.get_by_code(self.request.db, code)
         if activation is None:
             self.request.session.flash(
-                jinja2.Markup(
+                Markup(
                     _(
                         "We didn't recognize that activation link. "
                         "Have you already activated your account? "
@@ -340,7 +340,7 @@ def get_when_not_logged_in(self):
         user.activate()
 
         self.request.session.flash(
-            jinja2.Markup(
+            Markup(
                 _(
                     "Your account has been activated! "
                     "You can now log in using the password you provided."
@@ -369,14 +369,12 @@ def get_when_logged_in(self):
             # The user is already logged in to the account (so the account
             # must already be activated).
             self.request.session.flash(
-                jinja2.Markup(
-                    _("Your account has been activated and you're logged in.")
-                ),
+                Markup(_("Your account has been activated and you're logged in.")),
                 "success",
             )
         else:
             self.request.session.flash(
-                jinja2.Markup(
+                Markup(
                     _(
                         "You're already logged in to a different account. "
                         '<a href="{url}">Log out</a> and open the activation link '

h/views/activity.py

@@ -2,7 +2,7 @@
 
 from urllib.parse import urlparse
 
-from jinja2 import Markup
+from markupsafe import Markup
 from pyramid import httpexceptions
 from pyramid.view import view_config, view_defaults
 

h/views/admin/groups.py

@@ -1,4 +1,4 @@
-from jinja2 import Markup
+from markupsafe import Markup
 from pyramid.httpexceptions import HTTPFound
 from pyramid.view import view_config, view_defaults
 

h/views/admin/organizations.py

@@ -1,4 +1,4 @@
-from jinja2 import Markup
+from markupsafe import Markup
 from pyramid.httpexceptions import HTTPFound
 from pyramid.view import view_config, view_defaults
 from sqlalchemy import func

h/views/admin/users.py

@@ -1,4 +1,4 @@
-import jinja2
+from markupsafe import Markup
 from pyramid import httpexceptions
 from pyramid.view import view_config
 
@@ -70,7 +70,7 @@ def users_activate(request):
 
     request.session.flash(
         # pylint:disable=consider-using-f-string
-        jinja2.Markup(_("User {name} has been activated!".format(name=user.username))),
+        Markup(_("User {name} has been activated!".format(name=user.username))),
         "success",
     )
 
@@ -145,7 +145,7 @@ def users_delete(request):
 
 @view_config(context=UserNotFoundError)
 def user_not_found(exc, request):  # pragma: no cover
-    request.session.flash(jinja2.Markup(_(exc.message)), "error")
+    request.session.flash(Markup(_(exc.message)), "error")
     return httpexceptions.HTTPFound(location=request.route_path("admin.users"))