fix: vulnerable dependencies and clean up

.github/dependabot.yml

@@ -1,13 +1,12 @@
 version: 2
 updates:
-- package-ecosystem: pip
-  directory: "/"
-  schedule:
-    interval: weekly
-  open-pull-requests-limit: 10
-  reviewers:
-  - itsdebs
-- package-ecosystem: 'github-actions'
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: 'github-actions'
     directory: '/'
     schedule:
-      interval: 'weekly'
+      interval: 'weekly'

.github/workflows/build.yml

@@ -1,6 +1,5 @@
-name: Build
+name: Lint and Test
 on:
-  # workflow_dispatch:
   pull_request:
     branches: ['master']
     types: ['opened', 'reopened', 'synchronize']
@@ -11,38 +10,29 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10"]
-    # steps:
-    #   - uses: actions/checkout@v3
-    #   - name: Setup Python 3.10
-    #     uses: actions/setup-python@v4
-    #     with:
-    #       python-version: '3.10' 
-    #   # - run: python my_script.py
-
-    #   - name: Build
-    #     run: pip install --user mercurial
-    #   - name: Test Python
-    #     run: python3 test.py
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
+
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
-          pip install flake8 pytest
-          if ![ -f requirements.txt ]; then pip list --format=freeze > requirements.txt; fi
+          pip install --upgrade pip
           pip install -r requirements.txt
 
-      - name: Lint with flake8
+      - name: Lint
         run: |
           # stop the build if there are Python syntax errors or undefined names
           flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+
           # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
           flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
       - name: Test
         run: |
           python -m pytest

.github/workflows/check-pr-title.yml → .github/workflows/check_pr_title.yml

@@ -1,4 +1,5 @@
-name: Check PR title
+name: Check PR Title
+
 on:
   pull_request:
     branches: ['master']
@@ -7,10 +8,7 @@ on:
 jobs:
   check_pr_title:
     name: Check PR title
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, Linux, X64]
     steps:
-      - name: Checkout source branch
-        uses: actions/checkout@v3
-
       - name: Check PR title
-        uses: rudderlabs/[email protected].7
+        uses: rudderlabs/[email protected].11

.github/workflows/housekeeping.yaml

@@ -0,0 +1,41 @@
+name: Handle Stale PRs and Branches
+
+on:
+  schedule:
+    - cron: '1 0 * * *' # every day at 00:01
+
+jobs:
+  prs:
+    name: Clean up stale PRs
+    runs-on: [self-hosted, Linux, X64]
+
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          operations-per-run: 200
+          stale-pr-message: "Hello! This PR has been open for 20 days without any activity. Therefore, it's considered as stale and is scheduled to be closed in 10 days. If you're still working on this, please remove the 'Stale' label or add a comment to keep it open. Thanks for your contribution!"
+          days-before-pr-stale: 20
+          days-before-pr-close: 10
+          stale-pr-label: 'Stale'
+
+  branches:
+    name: Clean up stale branches
+    runs-on: [self-hosted, Linux, X64]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run delete-old-branches-action
+        uses: beatlabs/[email protected]
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          date: '2 months ago'
+          dry_run: false
+          delete_tags: false
+          extra_protected_branch_regex: ^(master)$
+          exclude_open_pr_branches: true

.gitignore

@@ -12,3 +12,4 @@ build
 .python-version
 **/.DS_Store
 .env
+venv

requirements.in

@@ -0,0 +1,10 @@
+backoff==2.2.1
+deprecation==2.1.0
+mock==4.0.3
+monotonic==1.6
+packaging==24.1
+pytest==7.4.4
+requests==2.32.3
+flake8==7.1.0
+python-dateutil==2.9.0
+python-dotenv==1.0.1

requirements.txt

@@ -1,38 +1,49 @@
-attrs>=22.1.0, <23.0.0
-backoff>=2.2.1, <3.0.0
-bleach>=4.1.0, <5.0.0
-certifi>=2023.7.22, <2024.0.0
-charset-normalizer>=2.0.10, <3.0.0
-colorama>=0.4.4, <0.5.0
-deprecation>=2.0.7, <3.0.0
-docutils>=0.18.1, <1.0.0
-exceptiongroup>=1.0.4, <2.0.0
-idna>=3.3, <4.0.0
-importlib-metadata>=4.10.1, <5.0.0
-iniconfig>=1.1.1, <2.0.0
-keyring>=23.5.0, <24.0.0
-mercurial>=6.3.1, <7.0.0
-mock>=4.0.3, <5.0.0
-monotonic>=1.6, <2.0.0
-packaging>=21.3, <22.0 
-pip>=21.3.1, <22.0.0
-pkginfo>=1.8.2, <2.0.0
-pluggy>=1.0.0, <2.0.0
-Pygments>=2.15.0, <3.0.0
-pyparsing>=3.0.7, <4.0.0
-pytest>=7.2.0, <8.0.0
-python-dateutil>=2.8.2, <3.0.0
-python-dotenv>=0.21.0, <2.0.0
-readme-renderer>=32.0, <33.0
-requests>=2.31.0, <3.0.0
-requests-toolbelt>=0.9.1, <1.0.0
-rfc3986>=2.0.0, <3.0.0
-setuptools>=65.5.1, <66.0.0
-six>=1.16.0, <2.0.0
-tomli>=2.0.1, <3.0.0 
-tqdm>=4.62.3, <5.0.0
-twine>=3.7.1, <4.0.0
-urllib3>=1.26.18, <2.0.0
-webencodings>=0.5.1, <1.0.0
-wheel>=0.38.4, <1.0.0
-zipp>=3.7.0, <4.0.0
+#
+# This file is autogenerated by pip-compile with Python 3.12
+# by the following command:
+#
+#    pip-compile requirements.in
+#
+backoff==2.2.1
+    # via -r requirements.in
+certifi==2024.6.2
+    # via requests
+charset-normalizer==3.3.2
+    # via requests
+deprecation==2.1.0
+    # via -r requirements.in
+flake8==7.1.0
+    # via -r requirements.in
+idna==3.7
+    # via requests
+iniconfig==2.0.0
+    # via pytest
+mccabe==0.7.0
+    # via flake8
+mock==4.0.3
+    # via -r requirements.in
+monotonic==1.6
+    # via -r requirements.in
+packaging==24.1
+    # via
+    #   -r requirements.in
+    #   deprecation
+    #   pytest
+pluggy==1.5.0
+    # via pytest
+pycodestyle==2.12.0
+    # via flake8
+pyflakes==3.2.0
+    # via flake8
+pytest==7.4.4
+    # via -r requirements.in
+python-dateutil==2.9.0
+    # via -r requirements.in
+python-dotenv==1.0.1
+    # via -r requirements.in
+requests==2.32.3
+    # via -r requirements.in
+six==1.16.0
+    # via python-dateutil
+urllib3==2.2.2
+    # via requests

rudderstack/analytics/version.py

@@ -1 +1 @@
-VERSION = '2.1.1'
+VERSION = '2.1.2'

setup.cfg

@@ -2,4 +2,4 @@
 universal = 1
 
 [metadata]
-description-file = README.md
+description_file = README.md

setup.py

@@ -1,48 +1,36 @@
-import os
 import sys
-
-try:
-    from setuptools import setup
-except ImportError:
-    from distutils.core import setup
+from setuptools import setup, find_packages
+from pathlib import Path
 
 # Don't import rudder_analytics module here, since deps may not be installed
-sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'rudderstack', 'analytics'))
+sys.path.insert(0, str(Path(__file__).resolve().parent / 'rudderstack' / 'analytics'))
 from rudderstack.analytics.version import VERSION
 
-long_description = '''
-RudderStack is a platform for collecting, storing and routing customer event data to dozens
-of tools. RudderStack is open-source, can run in your cloud environment
-(AWS, GCP, Azure or even your data-centre) and provides a powerful transformation
-framework to process your event data on the fly.
-'''
+long_description = (Path(__file__).resolve().parent / 'README.md').read_text(encoding='utf-8')
 
 install_requires = [
-    "requests>=2.8,<3.0",
-    "monotonic>=1.5,<2.0",
-    "backoff>=2.1,<3.0",
-    "python-dateutil>=2.2,<3.0",
-    "python-dotenv>=0.21.0,<2.0.0",
-    "deprecation>=2.0.6,<3.0.0",
+    "requests>=2.32.3,<3.0",
+    "monotonic>=1.6,<2.0",
+    "backoff>=2.2.1,<3.0",
+    "deprecation>=2.1.0,<3.0.0",
 ]
 
 tests_require = [
-    "mock==2.0.0",
-    "pylint==2.8.0",
-    "flake8==3.7.9",
+    "mock==4.0.3",
+    "flake8==7.1.0",
 ]
 
 setup(
     name='rudder-sdk-python',
     version=VERSION,
     url='https://github.com/rudderlabs/rudder-sdk-python',
-    author='Rudderstack',
+    author='RudderStack',
     author_email='[email protected]',
-    maintainer='Rudderstack',
+    maintainer='RudderStack',
     maintainer_email='[email protected]',
     test_suite='rudderstack.analytics.test.all',
-    packages=['rudderstack.analytics', 'rudderstack.analytics.test'],
-    python_requires='>=3.6.0',
+    packages=find_packages(exclude=["tests*"]),
+    python_requires='>=3.8.0',
     license='MIT License',
     install_requires=install_requires,
     keywords=['rudder', 'rudderstack', 'analytics'],
@@ -51,15 +39,21 @@
     },
     description='RudderStack is an open-source Segment alternative written in Go, built for the enterprise.',
     long_description=long_description,
+    long_description_content_type='text/markdown',
     classifiers=[
         "Development Status :: 5 - Production/Stable",
         "Intended Audience :: Developers",
         "License :: OSI Approved :: MIT License",
         "Operating System :: OS Independent",
         "Programming Language :: Python",
-        "Programming Language :: Python :: 3.6",
-        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3",
         "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
+        "Programming Language :: Python :: 3.11",
+        "Programming Language :: Python :: 3.12",
+        "Topic :: Software Development :: Libraries :: Python Modules",
     ],
+    zip_safe=False,
+    include_package_data=True,
 )