Generate links that users can use to submit messages encrypted with your public key.

Overview

Hawkpost

Hawkpost lets you create unique links that you can share with the person that desires to send you important information but doesn't know how to deal with PGP.

You can deploy your own server using the code from this repository or use the official server (that is running an exact copy of this repo) at https://hawkpost.co.

Rationale

For many web and mobile development studios, no matter how hard they try to secure their client secrets (passwords, API keys, etc), the weakest link resides on the client most of the times, specially when he's not a tech savvy person. This project tries to help minimize this issue on the communication between both parties.

The way it works is like this:

  1. It fetches your public key.
  2. When the box is open and the secrets submitted, all the content is encrypted on the client side.
  3. The server then signs (experimental) the encrypted content.
  4. Finally the server forwards it to your e-mail address.

Setting up a development environment

In this section you can find the steps to setup a minimal development environment on your machine.

Base requirements:

  • Python 3
  • Redis
  • PostgreSQL

On Linux

On a Debian based operating system execute the following steps, after cloning the repository:

  • Install the dependencies
$ pipenv install
  • Create the local postgreSQL database with your user and no password

  • Migrate the database

$ pipenv run python manage.py migrate
  • Generate stylesheet with gulp (installation instructions for gulp can be found here)
$ gulp build
  • Now you should be able to launch the server and its workers
$ pipenv run python manage.py runserver
$ pipenv run celery -A hawkpost worker --beat -l info

You can avoid pipenv run in every command if you first active the virtual environment with pipenv shell.

Using Docker

To use this approach you need to have Docker and Docker Compose installed. Please note that since this project uses version 2 of the Compose file format you may need to update your Docker and Docker Compose to their latest versions.

Installation instructions for every platform are available at the Docker Engine Documentation. If you use Linux you'll have to install Docker Compose manually.

After having the latest Docker and Docker Compose installed, make the folder that will hold the GPG public keys keyring:

$ mkdir -p gpg_home

Some environment variables need to be set so the application works properly. Copy the provided .env.sample and name it .env:

$ cp .env.sample .env

Since this setup assumes containers talk to each other some of the variables need to be set in order to point to the containers' names.

Edit .env and set the following variables to these values:

DB_HOST=db
DB_USER=hawkpost
DB_PASSWORD=hawkpost
REDIS_URL=redis://redis:6379/0

Don't forget to set the remaining variables as well.

After setting .env correctly, just run (you may need to sudo depending on your setup)

# Run the databases in detached mode to avoid seeing the logs
$ docker-compose up -d db redis

# Perform the migrations
# (using `--rm` to remove the temporary container afterwards)
$ docker-compose run --rm web pipenv run python manage.py migrate

# Run the web and celery containers
# (`docker-compose up` would log db and redis as well)
$ docker-compose up web celery

These commands

  1. Run the db and the redis containers detached from the console, so we're not bothered by their logs while working on the application.
  2. Perform the migrations using a temporary web container; it is removed afterwards.
  3. Run the web and celery attached to the console.

The web container will reload on code changes.

You may access the application by opening http://<docker-network-ip> on your browser, which you can find by running (you may need to run this as root depending on your setup).

CID=$(docker ps | grep 'hawkpost_web' | cut -d ' ' -f 1)
docker inspect -f "{{ .NetworkSettings.Networks.hawkpost_default.Gateway }}" $CID

This IP won't change unless you remove every container and the corresponding network (manually), so you may alias it on your /etc/hosts (to something like hawkpost.test).

Note: This approach was not tested on OS X or Windows platforms, so the network feature may require additional steps.

Running the test suite

To execute our current test suite, you just need to execute the following command after setting up your local development environment:

$ pipenv run python manage.py test

In case you are using our docker setup the command should be:

$ docker-compose run --rm web pipenv run python manage.py test

Credits

Whitesmith

This project was born during an internal hackathon at Whitesmith, which is helping and supporting the current development.

Comments
  • Error encrypting message

    Error encrypting message

    Hello, I tried using hawkpost.co today and was experiencing the following error:

    openpgp.min.0ac5ae9c7d87.js:8 Uncaught (in promise) Error: Error encrypting message: Could not find valid key packet for encryption in key 3f77ce4377661af7
        at A (https://hawkpost.co/static/javascripts/openpgp.min.0ac5ae9c7d87.js:8:29141)
    

    This was happening here: https://hawkpost.co/box/ec362e6c-490f-42a1-9f0e-d04aa7c43378 when I clicked on the Encrypt and Send button. (The box should still be open since it Never expires.)

    My GPG Key fingerprint is F3140E4A8D56FF55792112EF3F77CE4377661AF7 and I added the key using the keyserver URL https://pgp.mit.edu/pks/lookup?op=get&fingerprint=on&search=0xF3140E4A8D56FF55792112EF3F77CE4377661AF7.

    I am assuming this is happening because I signed up using github, where my e-mail address is [email protected], but my public key has different e-mail adresses on it. I will probably delete the account and manually sign up with a matching e-mail address, but it might be good to inform users that their public key doesn't match their e-mail.

    bug help wanted prioritary 
    opened by jmesserli 10
  • Please Help - Unable to Get Email Working (Gmail/SMTP Possible?)

    Please Help - Unable to Get Email Working (Gmail/SMTP Possible?)

    Hey guys,

    So after eventually getting Hawkpost up and running on a fresh Ubuntu 16.04 installation, I'm having major troubles getting email to work for when a new user signs up.

    Being a small, simple, self hosted setup, I'd like to just use Gmail SMTP if possible as that's what every other service I run uses and I find it easiest for me personally. I'm not sure if that's not possible or if it's somehow evading me.

    I couldn't find anything hawkpost specific, so I've Google'd till I'm blue in the face, and in my .env file I started off with a basic configuration based on guidelines I've found:

    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
    EMAIL_HOST = 'smtp.gmail.com'
    EMAIL_HOST_USER = '[redacted - my gmail address]'
    EMAIL_HOST_PASSWORD = '[redacted - gmail app password]'
    EMAIL_PORT = 587
    EMAIL_USE_TLS = True
    

    However, this throws the following error along with a long stack trace:

    smtplib.SMTPSenderRefused: (530, b'5.7.0 Must issue a STARTTLS command first. e18sm653160qtc.59 - gsmtp', '[redacted - my gmail address]')

    If I try changing the port to 465 and instead of "EMAIL_USE_TLS = True" I use "EMAIL_USE_SSL = True" then I get the following error after a long pause (again with a long stack trace):

    smtplib.SMTPServerDisconnected: Connection unexpectedly closed

    I've tried many, many other varying combinations of lines with and without the single quotes, changing the "EMAIL_BACKEND" to 'django_smtp_ssl.SSLEmailBackend', leaving that line out entirely (which throws a

    Gets: IndexError: string index out of range

    error , etc. etc. etc. but nothing has resulted in successful sending of emails.

    I would sincerely appreciate any help or guidance anyone could provide, as I'd really really like to get this working if at all possible. Thank you!!

    opened by dohlin 6
  • Unable to login

    Unable to login

    Hi,

    I installed hawkpost and tried to sign-up using email but nothing happened. And then tried to login using github, hawkpost said, "Server Error". How can I fix this issue?

    Python: 3.6.8 node.js: v10.16.0 OS: Debian GNU/Linux 10 (Buster)

    opened by mzch 5
  • reply_to is filled if the user is authenticated

    reply_to is filled if the user is authenticated

    Addresses #218

    This is a simple implementation of a requested feature. If a user is logged in when submitting a box, the reply_to field will be filled with his email address.

    We could added a field for users not logged in, however we would have to validate the users is not trying to impersonate (not providing is own email address).

    A possible improvement for this PR, would be to allow the logged in user to opt out of this feature. Would that be preferable?

    opened by dethos 5
  • Cannot delete account when signed-on via github.

    Cannot delete account when signed-on via github.

    I logged in with github SSO which went very well.

    After trying to add my key which didn't work (fingerprint kept mismatching, and key is invalid error. This could be my fault), I wanted to delete my account.

    I clicked on the Do you wish to delete your account? if yes, just click here link on the settings page.

    I then was asked for my password which, obviously, I hadn't need to set.

    and without a password I can't delete my account...

    Could this be fixed?

    bug Hacktoberfest good first issue 
    opened by techhazard 4
  • Email users

    Email users

    When the administrator of one Hawkpost instance wants to communicate to its users an issue or important information, such as downtime for maintenance, it now can use this simple built in feature.

    opened by dethos 4
  • Docker installation with Compose doesn't work following README

    Docker installation with Compose doesn't work following README

    Hi all!

    I've been trying to install Hawkpost with Docker Compose following the instructions in the README but I'm having issues. The build doesn't seem to be installing pipenv correctly and I'm getting the following:

    Step 8/11 : RUN pipenv install --dev
     ---> Running in e677cf55a8e8 
    Warning: Python 3.6 was not found on your system… 
    You can specify specific versions of Python with: 
      $ pipenv --python path/to/python
    The command '/bin/sh -c pipenv install --dev' returned a non-zero code: 1
    

    Is Docker installation actively supported for Hawkpost?

    opened by lpulley 3
  • 212 password change

    212 password change

    Fixes #212

    • Updates UpdateUserInfoForm to accept password change;
    • Add "Change Password" section in the settings forms;
    • Modify the settings form javascript to work for N tabs
    opened by Lobosque 3
  • Build a roadmap.

    Build a roadmap.

    Hi All,

    This looks like a super nice idea. It'd be good if there was some sort of roadmap so we can get an idea on when it gets to 1.0.0, after which we'll look it implementing it. Is there some list of tasks that block 1.0.0?

    Cheers,

    discussion 
    opened by andrewhowdencom 3
  • Check for expired and revoked keys

    Check for expired and revoked keys

    This PR handles the following issues:

    • Fixes a bug that lets the users submit a key, without fingerprint check
    • Add revoke and expiration checks to settings form
    • Adds a daily task to update and check the users keys (Issue: https://github.com/whitesmith/hawkpost/issues/1)
    opened by dethos 3
  • Javascript disabled

    Javascript disabled

    Handle the situations when the JavaScript it disabled on the browser.

    This is an attempt to fix the following issue: https://github.com/whitesmith/hawkpost/issues/33

    opened by dethos 3
  • Bump django-dotenv from 1.4.1 to 1.4.2

    Bump django-dotenv from 1.4.1 to 1.4.2

    Bumps django-dotenv from 1.4.1 to 1.4.2.

    Release notes

    Sourced from django-dotenv's releases.

    v1.4.2

    Commits
    • 4a3ea82 Merge pull request #27 from alexdlaird/feature-26-adl-overwrite-flag
    • fa0a6fe #26 Bumping version number.
    • fecf473 #26 Removing Python 3.3 references from other files.
    • 8836e69 #26 Removing PY33, as interpreter no longer support by Travis CI.
    • 6f6cac1 #79: Adding an "overwrite" flag to read_dotenv, False by default.
    • fb0fb72 Merge pull request #22 from merwok-forks/fix-warning-stacklevel
    • f879413 Fix line length
    • 4c5b61c Show calling function in warning
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump whitenoise from 4.1.4 to 5.3.0

    Bump whitenoise from 4.1.4 to 5.3.0

    Bumps whitenoise from 4.1.4 to 5.3.0.

    Changelog

    Sourced from whitenoise's changelog.

    5.3.0 (2021-07-16)

    • Gracefully handle unparsable If-Modified-Since headers (thanks @danielegozzi <https://github.com/danielegozzi>_).
    • Test against Django 3.2 (thanks @jhnbkr <https://github.com/jhnbkr>_).
    • Add mimetype for Markdown (.md) files (thanks @bz2 <https://github.com/bz2>_).
    • Various documentation improvements (thanks @PeterJCLaw <https://github.com/PeterJCLaw>_ and @AliRn76 <https://github.com/AliRn76>_).

    5.2.0 (2020-08-04)

    • Add support for relative STATIC_URLs <https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-STATIC_URL>_ in settings, as allowed in Django 3.1.
    • Add mimetype for .mjs (JavaScript module) files and use recommended text/javascript mimetype for .js files (thanks @hanswilw <https://github.com/hanswilw>_).
    • Various documentation improvements (thanks @lukeburden <https://github.com/lukeburden>_).

    5.1.0 (2020-05-20)

    • Add a :any:manifest_strict <WHITENOISE_MANIFEST_STRICT> setting to prevent Django throwing errors when missing files are referenced (thanks @MegacoderKim <https://github.com/MegacoderKim>_).

    5.0.1 (2019-12-12)

    • Fix packaging to indicate only Python 3.5+ compatibiity (thanks @mdalp <https://github.com/mdalp>_).

    5.0 (2019-12-10)

    .. note:: This is a major version bump, but only because it removes Python 2 compatibility. If you were already running under Python 3 then there should be no breaking changes.

    WhiteNoise is now tested on Python 3.5--3.8 and Django 2.0--3.0.

    Other changes include:

    • Fix incompatibility with Django 3.0 which caused problems with Safari (details here <https://github.com/evansd/whitenoise/issues/240>). Thanks @paltman <https://github.com/paltman> and @giilby <https://github.com/giilby>_ for diagnosing.
    • Lots of improvements to the test suite (including switching to py.test).

    ... (truncated)

    Commits
    • 0632866 Release version 5.3.0
    • c8b49a2 Merge pull request #281 from jhnbkr/master
    • 870813f Merge pull request #267 from bz2/media_md
    • e504d4a Merge pull request #287 from danielegozzi/master
    • 5b58695 Ignore unparsable If-Modified-Since headers and return the file
    • d1868be Added support for Django 3.2
    • 855c05e Merge pull request #278 from PeterJCLaw/secure-links
    • 5fb5d57 Make these various links secure
    • de827c9 Merge pull request #269 from AliRn76/master
    • cc49b0b Update the STATIC_ROOT for Django 3.1
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump qs and browser-sync

    Bump qs and browser-sync

    Bumps qs to 6.11.0 and updates ancestor dependency browser-sync. These dependencies need to be updated together.

    Updates qs from 6.5.2 to 6.11.0

    Changelog

    Sourced from qs's changelog.

    6.11.0

    • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
    • [readme] fix version badge

    6.10.5

    • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

    6.10.4

    • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
    • [meta] use npmignore to autogenerate an npmignore file
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

    6.10.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [actions] reuse common workflows
    • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

    6.10.2

    • [Fix] stringify: actually fix cyclic references (#426)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [actions] update codecov uploader
    • [actions] update workflows
    • [Tests] clean up stringify tests slightly
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

    6.10.1

    • [Fix] stringify: avoid exception on repeated object values (#402)

    6.10.0

    • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
    • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
    • [meta] fix README.md (#399)
    • [meta] only run npm run dist in publish, not install
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
    • [Tests] fix tests on node v0.6
    • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
    • [Tests] Revert "[meta] ignore eclint transitive audit warning"

    6.9.7

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [Tests] clean up stringify tests slightly
    • [meta] fix README.md (#399)
    • Revert "[meta] ignore eclint transitive audit warning"

    ... (truncated)

    Commits
    • 56763c1 v6.11.0
    • ddd3e29 [readme] fix version badge
    • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
    • 95bc018 v6.10.5
    • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
    • ba9703c v6.10.4
    • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
    • 113b990 [Dev Deps] update object-inspect
    • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
    • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
    • Additional commits viewable in compare view

    Updates browser-sync from 2.26.14 to 2.27.11

    Release notes

    Sourced from browser-sync's releases.

    2.27.9

    What's Changed

    A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

    Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

    2.27.8

    This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

    PR:

    Resolved Issues:

    Thanks to @​lachieh for the original PR, which helped me land this fix

    added snippet: boolean option

    This release adds a feature to address BrowserSync/browser-sync#1882

    Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

    browser-sync . --no-snippet
    

    or in any Browsersync configuration

    const config = {
      snippet: false,
    };
    

    the original request was related to Eleventy usage, so here's how that would look

    eleventyConfig.setBrowserSyncConfig({
      snippet: false,
    });
    
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump django-timezone-field from 2.0 to 4.2.3

    Bump django-timezone-field from 2.0 to 4.2.3

    Bumps django-timezone-field from 2.0 to 4.2.3.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump scss-tokenizer and gulp-sass

    Bump scss-tokenizer and gulp-sass

    Removes scss-tokenizer. It's no longer used after updating ancestor dependency gulp-sass. These dependencies need to be updated together.

    Removes scss-tokenizer

    Updates gulp-sass from 4.1.0 to 5.1.0

    Release notes

    Sourced from gulp-sass's releases.

    v5.1.0

    Huge shout out to @​XhmikosR for putting a ton of effort into this release 🎉

    What's Changed

    New Contributors

    Full Changelog: https://github.com/dlmanning/gulp-sass/compare/v5.0.0...v5.1.0

    v5.0.0

    First and foremost a huge shout out to @​mxmason for making this long awaited release possible <3

    Breaking changes

    • Require Node >= 12
    • Require Gulp 4
    • Drop dependency on the deprecate node-sass
    • Remove hardcoded default Sass compiler

    Upgrading to v5

    It is now required to explicitly install a Sass compiler.

    npm install gulp-sass sass
    </tr></table> 
    

    ... (truncated)

    Changelog

    Sourced from gulp-sass's changelog.

    gulp-sass Changelog

    v5.0.0

    June 25, 2021

    https://github.com/dlmanning/gulp-sass/releases/tag/v5.0.0

    v4.1.1

    June 24, 2021

    https://github.com/dlmanning/gulp-sass/releases/tag/v4.1.1

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump axios and localtunnel

    Bump axios and localtunnel

    Bumps axios and localtunnel. These dependencies needed to be updated together. Updates axios from 0.21.1 to 0.21.4

    Release notes

    Sourced from axios's releases.

    v0.21.4

    Fixes and Functionality:

    • Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

    v0.21.3

    Fixes and Functionality:

    • Fixing response interceptor not being called when request interceptor is attached (#4013)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

    v0.21.2

    Fixes and Functionality:

    • Updating axios requests to be delayed by pre-emptive promise creation (#2702)
    • Adding "synchronous" and "runWhen" options to interceptors api (#2702)
    • Updating of transformResponse (#3377)
    • Adding ability to omit User-Agent header (#3703)
    • Adding multiple JSON improvements (#3688, #3763)
    • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
    • Adding parseInt to config.timeout (#3781)
    • Adding custom return type support to interceptor (#3783)
    • Adding security fix for ReDoS vulnerability (#3980)

    Internal and Tests:

    • Updating build dev dependancies (#3401)
    • Fixing builds running on Travis CI (#3538)
    • Updating follow rediect version (#3694, #3771)
    • Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
    • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
    • Fixing tests by bumping karma-sauce-launcher version (#3813)
    • Changing testing process from Travis CI to GitHub Actions (#3938)

    Documentation:

    • Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
    • Remove duplication of item in changelog (#3523)
    • Fixing gramatical errors (#2642)
    • Fixing spelling error (#3567)
    • Moving gitpod metion (#2637)
    • Adding new axios documentation website link (#3681, #3707)
    • Updating documentation around dispatching requests (#3772)

    ... (truncated)

    Changelog

    Sourced from axios's changelog.

    0.21.4 (September 6, 2021)

    Fixes and Functionality:

    • Fixing JSON transform when data is stringified. Providing backward compatability and complying to the JSON RFC standard (#4020)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

    0.21.3 (September 4, 2021)

    Fixes and Functionality:

    • Fixing response interceptor not being called when request interceptor is attached (#4013)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

    0.21.2 (September 4, 2021)

    Fixes and Functionality:

    • Updating axios requests to be delayed by pre-emptive promise creation (#2702)
    • Adding "synchronous" and "runWhen" options to interceptors api (#2702)
    • Updating of transformResponse (#3377)
    • Adding ability to omit User-Agent header (#3703)
    • Adding multiple JSON improvements (#3688, #3763)
    • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
    • Adding parseInt to config.timeout (#3781)
    • Adding custom return type support to interceptor (#3783)
    • Adding security fix for ReDoS vulnerability (#3980)

    Internal and Tests:

    • Updating build dev dependancies (#3401)
    • Fixing builds running on Travis CI (#3538)
    • Updating follow rediect version (#3694, #3771)
    • Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
    • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
    • Fixing tests by bumping karma-sauce-launcher version (#3813)
    • Changing testing process from Travis CI to GitHub Actions (#3938)

    Documentation:

    • Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
    • Remove duplication of item in changelog (#3523)

    ... (truncated)

    Commits
    • 66c4602 Merge branch 'master' into release/0.21.4
    • fc15665 [Releasing] v0.21.4
    • c2714f0 [Updating] incorrect JSON syntax in README.md
    • 0fc7248 fix json transform when data is pre-stringified (#4020)
    • 90205f8 Change headers type to string record (#3021)
    • 92b29d2 Make the default type of response data never (#3002)
    • 4eeb3b1 Improved type-safety for AxiosRequestConfig (#2995)
    • cd7ff04 Adding HTTP status code to error.toJSON (#2956)
    • b5a1a67 Adding nodejs http.request option: insecureHTTPParser (#2930)
    • 4f25380 Exposing the Axios constructor in index.d.ts (#2872)
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.


    Updates localtunnel from 2.0.1 to 2.0.2

    Changelog

    Sourced from localtunnel's changelog.

    2.0.2 (2021-09-18)

    • Upgrade dependencies
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
    dependencies javascript 
    opened by dependabot[bot] 0
Releases(v1.3.0)
  • v1.3.0(Apr 8, 2019)

    This release updates several components to more recent versions, adds better flow to set up self-hosted instances and adds many small improvements to the overall software package. Logged users can now add their email to sent messages.

    Major Changes

    • Removed server sign experimental feature, since it had several compatibility issues #289
    • Added reply_to field to messages sent by logged in users #290

    Minor Changes and bug fixes

    • Changed the development workflow to use pipenv #281
    • Updated development environment setup instructions #81
    • Fix box description multi-line issue #280
    • Update OpenPGP.js to version 3 #284
    • Added meta description and alt text to home page #283
    • Fixed missing contact information on closed box page #287

    How to update from previous version

    Since the dependency management of the project changed. You will need to change the instruction you usually do to run the project. This time you will need to run the following commands after fetching the new code changes:

    • $ pipenv install
    • $ gulp build
    • $ pipenv run python manage.py collectstatic

    The deployment commands (such as celery and gunicorn) should now be preceded by pipenv run.

    Source code(tar.gz)
    Source code(zip)
  • v1.2.0(Apr 10, 2018)

    This release brings more control to the user key state, automating reminders of expiration for all keys and letting the user audit recent key changes. Also several annoying issues were fixed and more clear instructions were added to the front-end.

    Major changes:

    • Improved key verification. Now all users are notified, more than once, when their key is about to expire. #274
    • Key change log. In order to improve transparency and control to the user, all changes to their "public key" field are record and shown in the settings page. #275

    Minor changes and bug-fixes:

    • Updated the project dependencies (some with vulnerabilities) #256, #261
    • Fixed settings overlapping button issue #252
    • Added instructions to first time users, when the box list is empty #246
    • Users can now update their passwords (those who signed up using email+password) #254
    • Added instance information to the about page #262
    • Added custom error pages #265
    • Re-factor of the key verification function (key_state) #266
    • When generating the submit page, the owner key is verified #267
    • Updated openpgp.js to v2.5.3 #268 (solves the extended expiration problem described here)
    • Fix syntax error caused by an invalid translation block #276

    How to update from previous version

    In this version SUPPORT_NAME and SUPPORT_EMAIL environment variables are now required. So before going through any of the following steps add them to your environment or .env file.

    To update from the previous version, you need to run the following commands after fetching the new code changes:

    • $ pip install -r requirements/requirements.txt
    • $ gulp build
    • $ python manage.py collectstatic
    Source code(tar.gz)
    Source code(zip)
  • v1.1.0(Aug 4, 2017)

    Improvements in this release:

    • It is now possible to send small files (#242)
    • Hawkpost now supports multiple languages. At this moment the existing ones are Portuguese and English. (#237)
    • Added an extra protection for brute-force attacks to all login forms. (#244).

    How to upgrade:

    To upgrade from the previous version you should follow the normal procedure:

    • Pull sources
    • Install new dependencies through pip
    • Run Migrations
    • Compile the new CSS (gulp build)
    • Collect the new static assets
    • Start your service
    Source code(tar.gz)
    Source code(zip)
  • 1.0(Apr 19, 2017)

    This is the first official version. This means that during the last few months the code has been tested and all critical issues (know to date), related to the main feature and purpose of the application, were addressed.

    Source code(tar.gz)
    Source code(zip)
Owner
Whitesmith
Digital Product and Innovation Studio
Whitesmith
Insular email distribution - mail server as Docker images

Mailu is a simple yet full-featured mail server as a set of Docker images. It is free software (both as in free beer and as in free speech), open to s

Mailu 4.2k Jan 04, 2023
Generate links that users can use to submit messages encrypted with your public key.

Hawkpost Hawkpost lets you create unique links that you can share with the person that desires to send you important information but doesn't know how

Whitesmith 901 Dec 27, 2022
Zulip server and webapp - powerful open source team chat

Zulip overview Zulip is a powerful, open source group chat application that combines the immediacy of real-time chat with the productivity benefits of

Zulip 17k Jan 07, 2023
the first third-party instant messaging client for Google Hangouts

hangups hangups is the first third-party instant messaging client for Google Hangouts. It includes both a Python library and a reference client with a

Tom Dryer 1.7k Dec 25, 2022
ProPublica's collaborative tip-gathering framework. Import and manage CSV, Google Sheets and Screendoor data with ease.

Collaborate This is a web application for managing and building stories based on tips solicited from the public. This project is meant to be easy to s

ProPublica 86 Oct 18, 2022
Easy HTML form without PHP or JavaScript

This repository is no longer active. If you're looking for a simple and powerful hosted form API, please check out https://formspree.io. If you are in

Formspree 2.8k Dec 22, 2022
Build SMS applications with Python

RapidSMS RapidSMS is a free and open source framework for building interactive SMS applications, which integrates tightly with Django to provide a ric

RapidSMS 622 Dec 31, 2022
Askbot is a Django/Python Q&A forum. **Contributors README**: https://github.com/ASKBOT/askbot-devel#how-to-contribute. Commercial hosting of Askbot and support are available at https://askbot.com

ATTENTION: master branch is experimental, please read below Askbot - a Django Q&A forum platform This is Askbot project - open source Q&A system, like

ASKBOT 1.5k Dec 28, 2022
A free & open modern, fast email client with user-friendly encryption and privacy features

Welcome to Mailpile! Introduction Mailpile (https://www.mailpile.is/) is a modern, fast web-mail client with user-friendly encryption and privacy feat

mailpile 8.7k Jan 04, 2023
PyZMQ: Python bindings for zeromq

PyZMQ: Python bindings for ØMQ This package contains Python bindings for ØMQ. ØMQ is a lightweight and fast messaging implementation. PyZMQ should wor

The ZeroMQ project 3.2k Jan 02, 2023
Abilian Social Business Engine - an enterprise social networking / collaboration platform.

About Abilian SBE (Social Business Engine) is a platform for social business applications, and more specifically collaborative / enterprise 2.0 busine

Abilian open source projects 63 Dec 29, 2022
GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from, and communicate with

Freedom of the Press Foundation 3.4k Jan 01, 2023
Indico - A feature-rich event management system, made @ CERN, the place where the Web was born.

Indico Indico is: 🗓 a general-purpose event management tool; 🌍 fully web-based; 🧩 feature-rich but also extensible through the use of plugins; ⚖️ O

Indico 1.4k Dec 31, 2022
Easy-to-use and powerful offline translation tool

Introduction Virtaal is a graphical program for doing translation. It is meant to be easy to use and powerful at the same time. Although the initial f

Translate 271 Nov 22, 2022
Online translation tool

Pootle Docs | Changes | Issues | Community Support | Contributing | Development Channel Pootle is an online translation and localization tool. It work

Translate 1.4k Jan 06, 2023
Synapse: Matrix reference homeserver

Synapse Contents Introduction About Matrix Support Synapse Installation Connecting to Synapse from a client Registering a new user from a client ACME

matrix.org 10.4k Jan 02, 2023
Read/sync your IMAP mailboxes (python2)

Upstream status (master branch): Upstream status (next branch): Financial contributors: Links: Official github code repository: offlineimap Website: w

OfflineIMAP 1.7k Dec 29, 2022
A wiki system with complex functionality for simple integration and a superb interface. Store your knowledge with style: Use django models.

django-wiki Django support The below table explains which Django versions are supported. Release Django Upgrade from 0.7.x 2.2, 3.0, 3.1 0.5 or 0.6 0.

django-wiki 1.6k Dec 28, 2022
Conference planning tool: CfP, scheduling, speaker management

pretalx is a conference planning tool focused on providing the best experience for organisers, speakers, reviewers, and attendees alike. It handles th

496 Dec 31, 2022
Securely and anonymously share files, host websites, and chat with friends using the Tor network

OnionShare OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor ne

Micah Lee 5.4k Jan 02, 2023