chore(deps): bump idna from 3.10 to 3.15#311
Open
dependabot[bot] wants to merge 16 commits into
Open
Conversation
`ln` is only bound to LnNode() when `BAPI_LN_NODE != "none"`. Every `await ln.X()` call in this file therefore NameErrors when the operator runs in bitcoin-only mode. The most-hit caller is NativePythonSystem.get_system_info() at app/system/impl/native_python.py:32, which always reads `lninfo.alias` and `lninfo.color` to populate SystemInfo. The NameError there breaks the SSE warmup pipeline (get_full_client_warmup_data_bitcoinonly in app/api/warmup.py:116): warmup_new_connections() — calls get_full_client_warmup_data_bitcoinonly() → get_system_info() (via NativePythonSystem) → get_ln_info() → NameError: name 'ln' is not defined The exception bubbles into the asyncio.gather(), which means new SSE subscribers in bitcoin-only mode never receive `btc_info` / `system_info` / `installed_app_status`. Their dashboards stay empty forever (only periodic `hardware_info` and `ping` events flow, because those run on separate gather loops). Two fixes in this commit: 1. Return a stub LnInfo from get_ln_info() when ln_node == "none". All required fields filled with empty strings / zeros; the stub round-trips through any caller that reads alias/color/num_* without error. Other ln-method callers (get_wallet_balance, list_invoices, ...) keep their original behavior — they'll only ever fire from LN-aware code paths anyway. 2. Drop the duplicate `if ln_node != "none": ln = LnNode()` block at lines 69-70 (clearly a merge artifact). Operator workaround used until this lands: enable lnd. After this fix, bitcoin-only mode works end-to-end against the nixblitz plugin streamer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Extract the Python virtualenv build into `mkBlitzApi { pkgs, python ?
null }` and expose it as `lib.mkBlitzApi`. Rewrite `overlays.default`
to call the builder against the consumer's `prev` instead of pulling
from `self.packages.${system}` (which captured this flake's pinned
nixpkgs at flake-eval time and shut consumer overlays out of the
build hook).
Motivation: NixBlitz pulls blitz-api's flake via `builtins.getFlake`
to keep the plugin self-contained. Without a pkgs-agnostic builder,
the operator's nixpkgs overlays (Pi 5 jemalloc page-size patch and
similar platform fixes) couldn't reach blitz-api's build, so the
package would either fail to compile on Pi 5 or silently link
against this flake's pinned nixpkgs and pull a second snapshot of
glibc / openssl / etc. into the operator's closure.
The `packages.${system}.${name}` attribute is preserved as a
convenience pre-built using this flake's pinned nixpkgs; consumers
that want consumer-pkgs builds should use `overlays.default` or
`lib.mkBlitzApi` directly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.12.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.10.1...2.12.0) --- updated-dependencies: - dependency-name: pyjwt dependency-version: 2.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [deepdiff](https://github.com/seperman/deepdiff) from 8.6.1 to 8.6.2. - [Release notes](https://github.com/seperman/deepdiff/releases) - [Changelog](https://github.com/qlustered/deepdiff/blob/master/docs/changelog.rst) - [Commits](https://github.com/seperman/deepdiff/commits) --- updated-dependencies: - dependency-name: deepdiff dependency-version: 8.6.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) --- updated-dependencies: - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pygments](https://github.com/pygments/pygments) from 2.19.1 to 2.20.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](pygments/pygments@2.19.1...2.20.0) --- updated-dependencies: - dependency-name: pygments dependency-version: 2.20.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
--- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@9.0.2...9.0.3) --- updated-dependencies: - dependency-name: pytest dependency-version: 9.0.3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.1.0 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.1.0...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.27. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.22...0.0.27) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.27 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Follow-up to #290 — same class of bug, different code path. list_payments() in cln_jrpc.py unconditionally indexed p["bolt11"] for any incomplete payment, causing a KeyError -> the function returned None and then list_all_tx() crashed with `TypeError: 'NoneType' object is not iterable`, returning HTTP 500 to the Transactions view. CLN's `listpays` does not include `bolt11` for keysend payments or for BOLT12 offer payments, so any node that has ever made one of those will hit this on every Transactions load. Fix: guard the bolt11 decode the same way #290 guards invoice fields — only decode when bolt11 is present, and fall back to amount_sent_msat when neither bolt11 nor amount_msat are available, so the payment still shows up in the list. Reproduced on RaspiBlitz v1.12.1 with Core Lightning v25.12.1 and a keysend payment in history.
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.3...2.7.0) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.7.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.10...v3.15) --- updated-dependencies: - dependency-name: idna dependency-version: '3.15' dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps idna from 3.10 to 3.15.
Changelog
Sourced from idna's changelog.
... (truncated)
Commits
af30a09Release 3.1530314d4Pre-release 3.15rc005d4b21Merge pull request #237 from kjd/convert-docs-to-markdown2987fdbConvert README and HISTORY from reStructuredText to Markdown59fa800Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333eadef6983Merge branch 'master' into dependabot/github_actions/actions-f3e34333eabbd8004Merge pull request #234 from StanFromIreland/patch-1edd07c0Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group5557db0Merge branch 'master' into patch-1f11746cMerge pull request #235 from StanFromIreland/patch-2You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.