diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml new file mode 100644 index 0000000..0670805 --- /dev/null +++ b/.github/workflows/bandit.yml @@ -0,0 +1,24 @@ +name: Security check - Bandit + +on: push + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Security check - Bandit + uses: ioggstream/bandit-report-artifacts@v1.7.4 + with: + project_path: src + # ignore_failure: true + + # This is optional + #- name: Security check report artifacts + # uses: actions/upload-artifact@v4 + # with: + # name: Security report + # path: output/security_report.txt + diff --git a/.gitignore b/.gitignore index 1e7140e..9e6eb50 100644 --- a/.gitignore +++ b/.gitignore @@ -10,10 +10,12 @@ coverage.json *.py? *.swp # dirs +__pycache__ bin/ buildout-cache/ develop-eggs/ eggs/ +extras/ htmlcov/ include/ lib/ @@ -43,4 +45,5 @@ reports/ !.gitkeep !.travis.yml !src/redturtle +!src/.bandit .idea/ diff --git a/CHANGES.rst b/CHANGES.rst index e7221ef..d1c013a 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,12 +1,19 @@ Changelog ========= -5.4.10 (unreleased) -------------------- +5.5.1 (unreleased) +------------------ + +- Nothing changed yet. + + +5.5.0 (2024-07-10) +------------------ - Fixed limit event occurrences to 100. [eikichi18] - +- Add dependency with collective.volto.sitesettings. + [cekk] 5.4.9 (2024-04-22) ------------------ diff --git a/MANIFEST.in b/MANIFEST.in index c78ce44..2b4cf2a 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -4,3 +4,5 @@ include *.rst include *.GPL include *.txt global-exclude *.pyc +exclude .pre-commit-config.yaml +exclude src/.bandit diff --git a/base.cfg b/base.cfg index 40609a0..b7676a3 100644 --- a/base.cfg +++ b/base.cfg @@ -17,8 +17,11 @@ parts = omelette robot plone-helper-scripts -develop = . +develop = . +sources-dir = extras +auto-checkout = * +always-checkout = force [instance] recipe = plone.recipe.zope2instance 
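Review bot: The step `uses: ioggstream/bandit-report-artifacts@v1.7.4` pins a third-party action to a tag, which its owner can move, and the workflow has no `permissions:` block, so the job runs with the repository's default token scope. Pin the action to a full commit SHA, `uses: ioggstream/bandit-report-artifacts@<FULL_COMMIT_SHA>  # v1.7.4`, and add a workflow-level `permissions:` with `contents: read`. With `on: push` as the only trigger, pull requests from forks are presumably not scanned; adding `pull_request` would cover them. The commented `# ignore_failure: true` deserves a short comment saying that enabling it stops the check from gating.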
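Review bot: In `base.cfg`, `auto-checkout = *` together with `always-checkout = force` means every entry later added to `[sources]` is checked out into `extras/` on each buildout run, with nothing here requiring a fixed revision. The second hunk of this file leaves `[sources]` empty. These look like mr.developer options, and `force` presumably also updates checkouts without stopping on local modifications; whether the extension is enabled is outside the hunk. When sources are added, each should name a fixed tag or revision rather than a moving branch. A comment above the three lines would help, for example `# mr.developer: every [sources] entry is checked out into extras/ on each run`.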
@@ -117,3 +120,5 @@ scripts = # Don't use a released version of redturtle.volto redturtle.volto = setuptools = + +[sources] diff --git a/setup.py b/setup.py index c2648a3..63f78c5 100644 --- a/setup.py +++ b/setup.py @@ -16,7 +16,7 @@ setup( name="redturtle.volto", - version="5.4.10.dev0", + version="5.5.1.dev0", description="Helper package to setup a RedTurtle's Plone site ready to work with Volto.", long_description=long_description, # Get more from https://pypi.org/classifiers/ @@ -62,6 +62,7 @@ "plone.volto>=4.0.0", "plone.restapi>=9.6.0", "Products.PortalTransforms>=3.2.0", + "collective.volto.sitesettings", "z3c.jbot", ], extras_require={ diff --git a/src/.bandit b/src/.bandit new file mode 100644 index 0000000..0a55d30 --- /dev/null +++ b/src/.bandit @@ -0,0 +1,3 @@ +[bandit] +exclude = locales,tests +skips = B410 diff --git a/src/redturtle/volto/profiles/default/metadata.xml b/src/redturtle/volto/profiles/default/metadata.xml index a10e361..f81f979 100644 --- a/src/redturtle/volto/profiles/default/metadata.xml +++ b/src/redturtle/volto/profiles/default/metadata.xml @@ -1,10 +1,11 @@ - 4305 + 4306 profile-plone.volto:default profile-plone.app.caching:with-caching-proxy profile-collective.volto.gdprcookie:default profile-kitconcept.seo:default + profile-collective.volto.sitesettings:default diff --git a/src/redturtle/volto/testing.py b/src/redturtle/volto/testing.py index b1a227f..c7719e8 100644 --- a/src/redturtle/volto/testing.py +++ b/src/redturtle/volto/testing.py @@ -9,6 +9,7 @@ from plone.testing import z2 import collective.volto.gdprcookie +import collective.volto.sitesettings import kitconcept.seo import plone.app.caching import plone.restapi 
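Review bot: `"collective.volto.sitesettings"` is added to `install_requires` with no version bound, while the three entries above it each state a minimum. The upgrade step and the `profile-collective.volto.sitesettings:default` dependency added elsewhere in this commit rely on that package's profile, so any release that happens to resolve would be accepted. State the lowest release that was tested, `"collective.volto.sitesettings>=<MIN_TESTED_VERSION>",`. The `setup()` call starts and ends outside the hunk.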
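Review bot: In `src/.bandit`, `skips = B410` turns the lxml import check off for everything that is scanned, and nothing in the file says why. B410 is Bandit's warning that lxml is imported, raised because parsing untrusted XML with it can expose entity-expansion and external-entity problems. A per-line `# nosec B410` at the imports that need it would keep the exception narrow and reviewable. Failing that, add a comment above the line such as `# B410 skipped: <where lxml is used and why its input is trusted>`.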
@@ -24,6 +25,7 @@ def setUpZope(self, app, configurationContext): # The z3c.autoinclude feature is disabled in the Plone fixture base # layer. self.loadZCML(package=collective.volto.gdprcookie) + self.loadZCML(package=collective.volto.sitesettings) self.loadZCML(package=plone.restapi) self.loadZCML(package=redturtle.volto) self.loadZCML(package=plone.volto) @@ -67,6 +69,7 @@ def setUpZope(self, app, configurationContext): super(RedturtleVoltoRestApiLayer, self).setUpZope(app, configurationContext) self.loadZCML(package=collective.volto.gdprcookie) + self.loadZCML(package=collective.volto.sitesettings) self.loadZCML(package=plone.restapi) self.loadZCML(package=plone.volto) self.loadZCML(package=redturtle.volto) diff --git a/src/redturtle/volto/upgrades.py b/src/redturtle/volto/upgrades.py index cc0db68..dcf37cc 100644 --- a/src/redturtle/volto/upgrades.py +++ b/src/redturtle/volto/upgrades.py @@ -508,3 +508,10 @@ def to_4305(context): installer.uninstall_product(product_id="collective.volto.cookieconsent") if not installer.is_product_installed("collective.volto.gdprcookie"): installer.install_product(product_id="collective.volto.gdprcookie") + + +def to_4306(context): + portal = api.portal.get() + installer = get_installer(portal, portal.REQUEST) + if not installer.is_product_installed("collective.volto.sitesettings"): + installer.install_product(product_id="collective.volto.sitesettings") diff --git a/src/redturtle/volto/upgrades.zcml b/src/redturtle/volto/upgrades.zcml index 8e8b91e..1264a85 100644 --- a/src/redturtle/volto/upgrades.zcml +++ b/src/redturtle/volto/upgrades.zcml @@ -232,4 +232,12 @@ destination="4305" handler=".upgrades.to_4305" /> + diff --git a/test_plone60.cfg b/test_plone60.cfg index 1a664bc..ca0dc12 100644 --- a/test_plone60.cfg +++ b/test_plone60.cfg 
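Review bot: `to_4306` in `upgrades.py` has no docstring and writes no log line, so the step's intent has to be read off the code. Add a docstring such as `"""Install collective.volto.sitesettings if it is not already installed."""`. The body repeats the install-if-missing lines visible at the end of `to_4305`; a small private helper taking the product id would keep later steps of this kind to one call. `to_4305` begins outside the hunk.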
@@ -6,6 +6,12 @@ extends = base.cfg [versions] +docutils = + +# Added by buildout at 2023-03-10 11:55:21.122842 +Products.AdvancedQuery = 4.2.1 +createcoverage = 1.5 +dm.plone.advancedquery = 1.0 flake8 = 6.0.0 mccabe = 0.7.0 plone.recipe.codeanalysis = 3.0.1
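Review bot: `docutils =` under `[versions]` sets an empty pin with no explanation. As with `redturtle.volto =` in `base.cfg`, this presumably lifts any version fixed by the extended configuration, so the test build takes whichever docutils release resolves at run time. Either pin it to the release that was tested or add a comment such as `# docutils unpinned because <reason>; re-pin when <condition>`. The block under `# Added by buildout at 2023-03-10 11:55:21.122842` looks machine-written; a line saying which part needs `Products.AdvancedQuery`, `createcoverage` and `dm.plone.advancedquery` would help the next reader decide whether the pins are still wanted.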