From c2141a4346e324ca1dd10a403cfe3bfc9c3653b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Jan 2024 16:16:24 +0000
Subject: [PATCH 1/2] Bump certifi from 2022.12.7 to 2023.7.22

Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2022.12.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index daa241b0..d473422a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -129,9 +129,9 @@ cachelib==0.9.0 \
     --hash=sha256:38222cc7c1b79a23606de5c2607f4925779e37cdcea1c2ad21b8bae94b5425a5 \
     --hash=sha256:811ceeb1209d2fe51cd2b62810bd1eccf70feba5c52641532498be5c675493b3
     # via flask-caching
-certifi==2022.12.7 \
-    --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \
-    --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18
+certifi==2023.7.22 \
+    --hash=sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082 \
+    --hash=sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9
     # via
     #   -r requirements.in
     #   requests

From 34b95fe5d145a3d3a36dab59f7090133555a286c Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Wed, 3 Jan 2024 16:17:16 +0000
Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 jazzband/hookserver.py | 82 ++++++++++++++++++++++--------------------
 1 file changed, 44 insertions(+), 38 deletions(-)

diff --git a/jazzband/hookserver.py b/jazzband/hookserver.py
index b138ed32..df50b824 100644
--- a/jazzband/hookserver.py
+++ b/jazzband/hookserver.py
@@ -17,9 +17,9 @@
 from flask import request
 from werkzeug.exceptions import BadRequest, Forbidden, ServiceUnavailable
 
-__author__ = 'Nick Frost'
-__version__ = '1.1.0'
-__license__ = 'MIT'
+__author__ = "Nick Frost"
+__version__ = "1.1.0"
+__license__ = "MIT"
 
 
 class Hooks(object):
@@ -31,52 +31,52 @@ class Hooks(object):
     :param url: the url that events will be posted to
     """
 
-    def __init__(self, app=None, url='/hooks'):
+    def __init__(self, app=None, url="/hooks"):
         """Initialize the extension."""
         self._hooks = {}
         if app is not None:
             self.init_app(app, url=url)
 
-    def init_app(self, app, url='/hooks'):
+    def init_app(self, app, url="/hooks"):
         """Register the URL route to the application.
 
         :param app: the optional :class:`~flask.Flask` instance to
                 register the extension
         :param url: the url that events will be posted to
         """
-        app.config.setdefault('VALIDATE_IP', True)
-        app.config.setdefault('VALIDATE_SIGNATURE', True)
+        app.config.setdefault("VALIDATE_IP", True)
+        app.config.setdefault("VALIDATE_SIGNATURE", True)
 
-        @app.route(url, methods=['POST'])
+        @app.route(url, methods=["POST"])
         def hook():
-            if app.config['VALIDATE_IP']:
+            if app.config["VALIDATE_IP"]:
                 if not is_github_ip(request.remote_addr):
-                    raise Forbidden('Requests must originate from GitHub')
+                    raise Forbidden("Requests must originate from GitHub")
 
-            if app.config['VALIDATE_SIGNATURE']:
-                key = app.config.get('GITHUB_WEBHOOKS_KEY', app.secret_key)
-                signature = request.headers.get('X-Hub-Signature')
+            if app.config["VALIDATE_SIGNATURE"]:
+                key = app.config.get("GITHUB_WEBHOOKS_KEY", app.secret_key)
+                signature = request.headers.get("X-Hub-Signature")
 
-                if hasattr(request, 'get_data'):
+                if hasattr(request, "get_data"):
                     # Werkzeug >= 0.9
                     payload = request.get_data()
                 else:
                     payload = request.data
 
                 if not signature:
-                    raise BadRequest('Missing signature')
+                    raise BadRequest("Missing signature")
 
                 if not check_signature(signature, key, payload):
-                    raise BadRequest('Wrong signature')
+                    raise BadRequest("Wrong signature")
 
-            event = request.headers.get('X-GitHub-Event')
-            guid = request.headers.get('X-GitHub-Delivery')
+            event = request.headers.get("X-GitHub-Event")
+            guid = request.headers.get("X-GitHub-Delivery")
             if not event:
-                raise BadRequest('Missing header: X-GitHub-Event')
+                raise BadRequest("Missing header: X-GitHub-Event")
             elif not guid:
-                raise BadRequest('Missing header: X-GitHub-Delivery')
+                raise BadRequest("Missing header: X-GitHub-Delivery")
 
-            if hasattr(request, 'get_json'):
+            if hasattr(request, "get_json"):
                 # Flask >= 0.10
                 data = request.get_json()
             else:
@@ -85,23 +85,25 @@ def hook():
             if event in self._hooks:
                 return self._hooks[event](data, guid)
             else:
-                return 'Hook not used\n'
+                return "Hook not used\n"
 
     def register_hook(self, hook_name, fn):
         """Register a function to be called on a GitHub event."""
         if hook_name not in self._hooks:
             self._hooks[hook_name] = fn
         else:
-            raise Exception('%s hook already registered' % hook_name)
+            raise Exception("%s hook already registered" % hook_name)
 
     def hook(self, hook_name):
         """A decorator that's used to register a new hook handler.
 
         :param hook_name: the event to handle
         """
+
         def wrapper(fn):
             self.register_hook(hook_name, fn)
             return fn
+
         return wrapper
 
 
@@ -121,16 +123,18 @@ def __init__(self, timeout):
 
     def __call__(self, fn):
         """Create the wrapped function."""
+
         @wraps(fn)
         def inner(*args, **kwargs):
             if self.last is None or time.time() - self.last > self.timeout:
                 self.cache = fn(*args, **kwargs)
                 self.last = time.time()
             return self.cache
+
         return inner
 
 
-def _load_github_hooks(github_url='https://api.github.com'):
+def _load_github_hooks(github_url="https://api.github.com"):
     """Request GitHub's IP block from their API.
 
     Return the IP network.
@@ -141,20 +145,22 @@ def _load_github_hooks(github_url='https://api.github.com'):
     If something else goes wrong, raise a generic 503.
     """
     try:
-        resp = requests.get(github_url + '/meta')
+        resp = requests.get(github_url + "/meta")
         if resp.status_code == 200:
-            return resp.json()['hooks']
+            return resp.json()["hooks"]
         else:
-            if resp.headers.get('X-RateLimit-Remaining') == '0':
-                reset_ts = int(resp.headers['X-RateLimit-Reset'])
-                reset_string = time.strftime('%a, %d %b %Y %H:%M:%S GMT',
-                                             time.gmtime(reset_ts))
-                raise ServiceUnavailable('Rate limited from GitHub until ' +
-                                         reset_string)
+            if resp.headers.get("X-RateLimit-Remaining") == "0":
+                reset_ts = int(resp.headers["X-RateLimit-Reset"])
+                reset_string = time.strftime(
+                    "%a, %d %b %Y %H:%M:%S GMT", time.gmtime(reset_ts)
+                )
+                raise ServiceUnavailable(
+                    "Rate limited from GitHub until " + reset_string
+                )
             else:
-                raise ServiceUnavailable('Error reaching GitHub')
+                raise ServiceUnavailable("Error reaching GitHub")
     except (KeyError, ValueError, requests.exceptions.ConnectionError):
-        raise ServiceUnavailable('Error reaching GitHub')
+        raise ServiceUnavailable("Error reaching GitHub")
 
 
 # So we don't get rate limited
@@ -178,15 +184,15 @@ def is_github_ip(ip_str):
 
 def check_signature(signature, key, data):
     """Compute the HMAC signature and test against a given hash."""
-    if isinstance(key, type(u'')):
+    if isinstance(key, type("")):
         key = key.encode()
 
-    digest = 'sha1=' + hmac.new(key, data, hashlib.sha1).hexdigest()
+    digest = "sha1=" + hmac.new(key, data, hashlib.sha1).hexdigest()
 
     # Covert everything to byte sequences
-    if isinstance(digest, type(u'')):
+    if isinstance(digest, type("")):
         digest = digest.encode()
-    if isinstance(signature, type(u'')):
+    if isinstance(signature, type("")):
         signature = signature.encode()
 
     return werkzeug.security.safe_str_cmp(digest, signature)