PyPi: Biweeklybudget

CVE-2018-10903

Transitive

Safety vulnerability ID: 52664

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created: Jul 30, 2018. Updated: Dec 03, 2024.

Advisory

Biweeklybudget 1.1.0 updates its dependency 'cryptography' to v2.3.1 to include a security fix.

Affected package

biweeklybudget

Latest version: 1.2.0

Responsive Flask/SQLAlchemy personal finance app, specifically for biweekly budgeting.

Affected versions

Fixed versions

Vulnerability changelog


Breaking Changes
++++++++++++++++

* Support for Python versions prior to 3.8 has been dropped; the Docker image and testing are now based on Python 3.10.
* Valid values for the ``PLAID_ENV`` setting / environment variable are now the strings "Production", "Development", or "Sandbox" to match the attribute names of ``plaid.configuration.Environment``. Previously these were lower-case instead of capitalized.
* The ``PLAID_PUBLIC_KEY`` setting / environment variable has been removed.
* OFX support is now **deprecated**; going forward, only Plaid will be supported.

All Changes
+++++++++++

* **Drop Python 2 Support and Python 3.5 Support** - biweeklybudget no longer supports Python 2 (2.7) or Python 3.5. Python versions 3.6-3.8 are tested, and development is now done on 3.8.
* `Issue 201 <https://github.com/jantman/biweeklybudget/issues/201>`_ - Fix **major** bug in calculation of "Remaining" amount for pay periods, when one or more periodic budgets have a greater amount spent than allocated and a $0 starting balance. In that case, we were using the allocated amount instead of the spent amount (i.e. if we had a periodic budget with a $0 starting balance and a $2 ScheduledTransaction, and converted that ScheduledTransaction to a $1000 Transaction, the overall PayPeriod remaining amount would be based on the $2 not the $1000).
* Add testing for Python 3.7 and 3.8, and make 3.8 the default for tests and tox environments.
* TravisCI updates for Python 3.7 and 3.8.
* Switch base image for Docker from ``python:3.6.4-alpine3.7`` to ``python:3.8.1-alpine3.11``.
* `Issue 198 <https://github.com/jantman/biweeklybudget/issues/198>`_ - Fix broken method of retrieving the current US Prime Rate. Previously we used marketwatch.com for this, but they've introduced JavaScript-based bot protection on their site (which is ironic, since we were reading a value from the page's ``meta`` tags, which are specifically intended to be read by machines). Switch to using wsj.com instead and (ugh) parsing an HTML table. This *will* break when the format of the table changes. As previously, we cache this value in the DB for 48 hours in order to be a good citizen.
* `Issue 197 <https://github.com/jantman/biweeklybudget/issues/197>`_ - Add notification for case where balance of all budget-funding accounts is *more* than sum of standing budgets, current payperiod remaining, and unreconciled. This is the opposite of the similar notification that already exists, intended to detect if there is money in accounts not accounted for in the budgets.
* `Issue 196 <https://github.com/jantman/biweeklybudget/issues/196>`_ - Don't include inactive budgets in Budget select elements on Transaction Modal form, unless it's an existing Transaction using that budget.
* `Issue 204 <https://github.com/jantman/biweeklybudget/issues/204>`_ - Add support for account transfer between non-Credit accounts.
* Many dependency updates:

  * Upgrade SQLAlchemy from 1.2.0 to 1.2.11 for `python 3 bug fix (4291) <https://docs.sqlalchemy.org/en/latest/changelog/changelog_12.html#change-2cca6c216347ab83d04c766452b48c1a>`_.
  * Upgrade SQLAlchemy from 1.2.11 to 1.3.13 for `CVE-2019-7548 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7548>`_ and `CVE-2019-7164 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7164>`_.
  * Upgrade Flask from 0.12.2 to 1.0.2 for `CVE-2018-1000656 <https://nvd.nist.gov/vuln/detail/CVE-2018-1000656>`_.
  * Upgrade cryptography from 2.1.4 to 2.3.1 for `CVE-2018-10903 <https://nvd.nist.gov/vuln/detail/CVE-2018-10903>`_.
  * Upgrade Jinja2 from 2.10 to 2.10.3 for `CVE-2019-10906 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906>`_.
  * Upgrade to latest version for all dependencies.

* Remove ``convert_unicode`` argument from SQLAlchemy DB engine arguments per SQLAlchemy 1.3 upgrade guide / `SQLAlchemy 4393 <https://github.com/sqlalchemy/sqlalchemy/issues/4393>`_.
* Numerous updates to fix ``tox`` tests.
* Implement transaction downloading via `Plaid <https://plaid.com/>`__.
* Switch tests from deprecated ``pep8`` / ``pytest-pep8`` packages to ``pycodestyle`` / ``pytest-pycodestyle``.
* Add optional ``VERSIONFINDER_DEBUG`` env var; set to ``true`` to enable logging for versionfinder / pip / git.
* Drop testing for Python 3.6; move default test environment to 3.9.
* Add ``git`` to Docker image.
* Move testing and runtime to Python 3.10, and get all test environments running successfully.
* Move CI from TravisCI to GitHub Actions and remove all traces of TravisCI.
* Add acceptance test coverage of the Plaid Link process.
* Updates for ``tox`` 4.0.6.
* Update Plaid API client to latest version.

  * Valid values for the ``PLAID_ENV`` setting / environment variable are now the strings "Production", "Development", or "Sandbox" to match the attribute names of ``plaid.configuration.Environment``.
  * The ``PLAID_PUBLIC_KEY`` setting / environment variable has been removed.


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 5.0

Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): NONE