I'll wait for about a month and release 1.74 in the middel of September if there's no blocker nor request to wait for more. Thank you for your patience.
On that day, I also released a new version of Parse::PMFile that could get package/version information from the newly-introduced "class NAME VERSION" statement, hoping to apply the exact change to the PAUSE itself. Unfortunately, that didn't happen this year because we were not yet sure what would (unexpectedly) happen by the change. I'll do some investigation by the next time. I also wanted to make Perl::PrereqScanner::NotQuiteLite recognize the native class statement, but as it turned out to need more work than I expected, I just updated it to see new ":isa/:does" attributes of Object::Pad.
Having made a few more minor improvements for PAUSE on docker, I started another experimentation on day 2: multi-factor authentication for PAUSE. I didn't think we could use MFA when we log into PAUSE because PAUSE still uses basic authentication, but at least we could ask people to send an extra token when they upload modules or edit their accounts. So I made another draft pull request on top of PAUSE on docker as a proof of concept. We still have much to do on both sides (i.e., PAUSE and uploaders). Comments are welcome.
Meanwhile, I made a few pull requests to fix issues found while testing.
My PAUSE on docker was based on Debian bullseye, whose Perl was 5.32, but it turned out that the current PAUSE was running with Perl 5.16. So, on day 3, I made another draft pull request that used CentOS 7 as a base, which revealed a few dependency issues.
And it was about time for us to start merging stuff. I sat next to Andreas König and showed him what seemed ready to merge one by one. I fixed several more minor issues on days three and four.
Many thanks to Philippe Bruhat, Laurent Boivin, and Neil Bowers for organizing this event again and to our generous sponsors: Booking.com, Deriv, Grant Street Group, Fastmail, cPanel, Perl Careers, MaxMind, Fastly Inc., Perl Maven, OpenCage, Perl Services, Oetiker+Partner, Procura.
This time I'll wait for about a week and release 1.72 at the beginning of November if there's no blocker nor request to wait for more. Thank you for your patience.
use DBI; use DBD::SQLite::Constants qw(:dbd_sqlite_string_mode);my $dbh = DBI->connect("dbi:SQLite:$dbname", "", "", {
sqlite_string_mode => DBD_SQLITE_STRING_MODE_UNICODE_FALLBACK,
# or
# sqlite_string_mode => DBD_SQLITE_STRING_MODE_BYTES,
...
});
These two new modes are, however, slightly incompatible with the old sqlite_unicode's behavior. If you want to use them with existing databases, you might need to convert them first (by retrieving all the data with the old flag and inserting them into new databases with a new mode, etc).
See Changes for other fixes and changes.
This release also updates bundled SQLite from 3.32.3 to 3.36.0, which means now you can use built-in math functions and ALTER TABLE DROP COLUMN among others.
I'll wait for about a month as always, and release 1.68 around the end of July if there's no blocker nor request to wait for more. Thank you for your patience.
I'll wait for about a month as always, and release 1.66 at the end of August if there's no blocker nor request to wait for more. Thank you for your patience.
]]>
use DBD::SQLite::Constants qw/:database_connection_configuration_options/;
$dbh->sqlite_db_config( SQLITE_DBCONFIG_DQS_DML, 1 );
$dbh->do('INSERT INTO foo VALUES (1, "text")'); # Now this is an error
I'll wait for about a month as always, and release 1.64 in the middle of August (that means, after PerlCon) if there's no blocker nor request to wait for more. Thank you for your patience.
This was the fifth year of my PAUSE hacking. I had spent first two years to port PAUSE web interface from mod_perl to Plack to get rid of deprecated tools, and another two years from Plack to Mojolicious for more structure and understandability. PAUSE on Mojolicious was deloyed into production at the 2018 summit (I'm sorry I couldn't report this last year). However, it was still checked out from my mojo_wip branch, and fell back to the old PAUSE on Plack from time to time, e.g. when something weird was found in my branch, or to use new maintenance tools my branch didn't have. One of my goals this year was to resolve this issue.
Another goal was to add a feature to manage permissions per distribution, which I had been wanting to add for years. Miyagawa-san had written a "comaint" script (App::PAUSE::Comaint) in 2013 for the same purpose, but of course it should be better for PAUSE itself to have it. This meant I needed to add at least six new pages and their tests, a new column to a table and a script to fill it, which might be a little too much for four days. So, as always, I prepared them in my local repository before the summit, hoping I could merge them with just a little fine-tuning at the venue.
Another, more ambitious goal was to add a new permission described in "the PAUSE Operating Model" published in October, 2017. I also started implementing this on top of the above, but I bumped into a few blocking issues and couldn't finish prototyping at home.
The first day at the summit started with a group discussion on PAUSE. After we talked about a few topics such as fixing case of module names in the indices and a new OAuth2 feature proposed by Lee Johnson, we moved on to the issues about the Operating Model. The "admin" permission described in the model was renamed to "permission manager" (or "p" for short) permission to avoid confusion with the PAUSE admins (those who have administrative privileges on the PAUSE itself), and to avoid conflict with a deprecated "m" (mailing list) permission. We also agreed to copy "p" permissions to new modules in a distribution uploaded by another contributor, so that people with "p" permission could keep their manager right for the distribution after the upload.
After the discussion, I asked Andreas König to merge my mojo_wip branch into his master. As PAUSE on Mojolicious was in a different directory (lib/pause_2017) from the one for PAUSE on Plack (lib/pause_1999), this merge should not cause any conflicts. GitHub also assured "[t]his branch ha[d] no conflicts with the base branch". Nevertheless, it didn't go as smoothly as we had expected, because both branches had changed PREREQ_PM section in Makefile.PL and manual git rebase messed it. We also encountered another issue because my master branch was way too old. In the end, we had to make a fresh checkout from Andreas' master. We still had two checkouts and two configurations so that we could use one for staging/testing, but anyway, now both were from the same origin.
Meanwhile, Slaven Reziç fixed a certification issue on pause.cpan.org (a less-known entrance to the PAUSE) by launching another Perlbal for it. Impressive.
We moved on to the new permission-per-distribution feature. This was not to introduce a new distribution-wide permission, but to find relevant indexed modules from a distribution name and apply the requested change to each of them. However, at this point PAUSE could only tell which package was taken from which distribution path (such as A/AU/AUTHOR/Distname-Version.tar.gz). As a starter, we added a new column to hold a distribution name (without directory, version and extension parts), and filled it using a one-off script. I also showed what the pages looked like and asked a few people for comments. General response was they seemed ok but a little more information would be nice (the first version only listed distribution names). I started cherry-picking what I did at home while adding a spoonful of sugar on them.
I continued cherry-picking on the day 2. While I was adding explanatory texts and links to the pages, I found that the div ids in the HTML version of the operating model document were based on an incremental counter and were not suitable for a canonical url fragment. I replaced them with headline-based ids.
I also silenced log outputs from PAUSE on Mojolicious while testing under Travis CI environments.
Next morning, I finished cherry-picking and asked Andreas to deploy. Neil Bowers tried the new feature and encountered a problem: an SQL statemnt that I added at the venue to show more information, turned out to be too slow under the production environment (though it was not so slow under my local environment). Slaven helped us a lot to analyze this issue. It was MySQL version that mattered. I proposed to revert the feature but we decided to hide it instead. I was almost certain how to work around the problem, but to make sure, I started creating another environment to reproduce it at hand.
Meanwhile, I followed the practice Ricardo Signes started this year and added labels to GitHub issues to help us find which should belong to which team. I found I still had about thirty issues to address.
Next day I got up a little earlier and tested the workaround under the new environment before breakfast. I also fixed my mistakes while cherry-picking, and a few security issues spotted by a Burp report from Lee. After we merged them, I made the permission-per-distribution feature visible again. I also made a change to grant primary (first-come) permissions to a special ADOPTME user when someone gave them up, to avoid undesired takeover.
I then got involved in an argument that basically claimed that Mojolicious was too unstable and PAUSE should not use it. Though this was not the first time for me, how nice it was to have at the last day of the summit after my three-year port was merged into master. I was sorry I forgot to urge the person to go to a smaller room, but anyway, I'd like to clarify a few points:
I went out for fresh air, wondering if I should spend the rest of the day doing something else, maybe for CPANTS and such, but it was a little too late. I took deep breaths, and went back to restart fixing smaller PAUSE issues. I made it possible to edit user information even when their email address was CENSORED, while I added an email address validation for a new user request. I also removed a note on direct upload from GitHub (that was more error prone anyway), and let PAUSE warn if unstable version was going to be reindexed.
Meanwhile, Ricardo Signes took care of my years-old pull requests for the PAUSE indexer that I should have added tests. This made me really happy. All's well that ends well.
Many thanks to Neil Bowers, Philippe Bruhat, and Laurent Boivin for organizing this event again, and to Wendy Van Dijk for food and kindness, and to our generous sponsors: Booking.com, cPanel, MaxMind, FastMail, ZipRecruiter, Cogendo, Elastic, OpenCage Data, Perl Services, Zoopla, Archer Education, OpusVL, Oetiker+Partner, SureVoIP, YEF.
This release also introduces "sqlite_defensive" option, to disallow dangerous SQLite features such as updating "sqlite_master" table.
my $dbh = DBI->connect('dbi:SQLite::memory:', undef, undef, {
RaiseError => 1,
PrintError => 0,
sqlite_defensive => 1,
});
If you need finer control, you can use "sqlite_db_config" method as well.
use DBD::SQLite::Constants qw/:database_connection_configuration_options/;
$dbh->sqlite_db_config( SQLITE_DBCONFIG_DEFENSIVE, 1 );
This release also provides an experimental feature to "fix" TYPE statement handle attribute ("sqlite_prefer_numeric_type" option). However, using this option may break your O/R mappers that have worked around this long-standing issue. Note also that SQLite uses dynamic type system (that means, the datatype of a value is associated with the value itself, not with its container column).
See changes for other minor fixes.
It also contains a fix that changes how to store values in a PerlData virtual table. If you use PerlData virtual table, this may affect your applications.
I'll wait for about a month as always, and release 1.60 at the end of November if there's no blocker nor request to wait more. Thank you for patience.
]]>DBD::SQLite 1.55_07 (with SQLite 3.22.0) is a release candidate of the next stable DBD::SQLite. It has various query planner improvements, optimizations, performance enhancements, and bug fixes, especially on LEFT JOIN queries, IN and OR operators, and WITHOUT ROWID tables. It also supports "row values", that means now you can write a query like this:
UPDATE foo SET (id, text) = (SELECT id, text FROM bar WHERE id = 1);
Follow the links in http://www.sqlite.org/chronology.html, or each of the following links, to see full details.
Changes for SQLite 3.14 ~ 3.14.2
Changes for SQLite 3.15.0 ~ 3.15.2
Changes for SQLite 3.16.0 ~ 3.16.2
Changes for SQLite 3.17.0
Changes for SQLite 3.18.0 ~ 3.18.2
Changes for SQLite 3.19.0 ~ 3.19.3
Changes for SQLite 3.20.0 ~ 3.20.1
Changes for SQLite 3.21.0
Changes for SQLite 3.22.0
Please remember: newer versions of SQLite (since 3.14) are known to have broken a test in older versions of DBIx::Class because of some minor change that seems not listed in the release notes of SQLite. This kind of obscure changes might also affect your applications.
Peter "ribasushi" Rabbitson also found a bug in the recent versions of SQLite (between 3.20.0 and 3.22.0) that was only visible if the SQLite library was built with SQLITE_ENABLE_STAT[34] compile-time options, which unfortunately was the case of older versions of DBD::SQLite. This bug has already been fixed in the upstream repository, but the fix is not released yet. To work around this for now, DBD::SQLite 1.55_07 is released with these two compile-time options disabled. I'm not sure how this change may affect the performance of your applications, but if this really affects you and your applications significantly, and DBD::SQLite 1.55_06 (with SQLite 3.19.3 plus these options enabled) works better for you, please let me know. I might make it stable this time, and wait for the next release of SQLite.
See also other (rather minor) changes in DBD::SQLite:
https://metacpan.org/release/ISHIGAKI/DBD-SQLite-1.55_07
I'll wait for a month as always, and release 1.56 at the end of February if there's no blocker nor request to wait more. Thank you for patience.
You might wonder why I chose Mojolicious, instead of a plain template engine just to separate views from controllers, or a few other frameworks. I can think of several reasons. I've been using Mojolicious since its earliest days and I've already used it to rewrite CPANTS Web. Mojolicious is PSGI-compliant and as long as we stick to PSGI features, we don't need to change lower layers. Using a new template engine means almost all pages need to be modified anyway, and compared with the cost of this template migration, migration costs for new router/dispatcher/file layout are rather trivial. But probably the biggest reason was I had several days I could use before the summit this year, namely so-called "Golden Week" (a series of Japnaese national holidays). If things went wrong, I could redo what I did differently at the summit.
I started porting PAUSE on Mojolicious on May 2, under my private repository as I did two years ago. To avoid conflicts, I made a new directory called pause_2017, and built a skeleton with a set of controllers with empty actions, corresponding empty templates as well as routes to map them. Then I took what was necessary for me to visit all the PAUSE menus from pause_1999, and started copying business logic of each page into an appropriate action method in an appropriate controller, and visual components into templates. Before I left for Lyon, all but a few big pages had the same look as those in pause_1999, though I couldn't assure they worked correctly as well. I had written a test to make sure all the GET requests returned 200 without leaving "deadmeat" (ie. broken XHTML page), but that was hardly enough. I also needed to monkey-patch Mojolicious::Plugin::TagHelpers to let it create XHTML tags, which suggested that migration would take more time than I had expected.
On the day 1 at the summit, I asked Andreas König for the necessary permission and he kindly encouraged me to go on my work. I explained briefly that I was porting under a different directory and he didn't need to worry about conflicts, and what Mojolicious templates and file layout looked like. I also asked him if we really need some of the old admin features, and he assured me I didn't need to copy some of the last remaining bits. I removed several features from my port, and worked on the last a few pages. I also asked Joel Berger (one of the core developers of Mojolicious) for a better practice to compose emails with Mojolicious templates, and started porting emails as well.
I kept on using my private repository while I was moving things round and round, but as Peter Sergeant offered me some help, I spent most of the day 2 on testing and fixing porting bugs so that I could push more stable code to GitHub, and created a TODO file to share ideas with him.
Day 3 was rather short for me because I attended two group discussions. I pushed "mojo_wip" branch to https://github.com/charsbar/pause/ at the beginning of the day, and made it the default branch for me. Soon afterwards Peter sent me a pull request for my tests to reuse testing modules he wrote for pause_1999 at the previous QA Hackathon, which was really awesome.
Peter sent me two more pull requests on day 4, which revealed that I needed to monkey-patch another Mojo component for now. So I asked Andreas for his preferences, and agreed we didn't need to stick to XHTML, nor table layout, and we didn't need to care about ancient browsers which didn't support PNG, UTF-8, nor https anymore. We also discussed another security issue we'd known for a few years, which was left as a TODO again.
Now it was obvious that I wouldn't be able to finish everything at the summit, I started looking at the PTS wiki and GitHub issues to see if there's anything I could do for PAUSE by the end of the day. I found some and asked Neil Bowers for exactly what he wanted. One of them was a regression caused by the deprecation of module registration. I sent a pull request to Andreas' master, and merged it myself with the nod from Andreas.
Aside from PAUSE, I replaced a CPANTS metric called "previous package_version_matches_dist_version" with more specific "main_module_version_matches_dist_version", thanks to a request from Karen Etheridge. I also talked with Shoichi Kaji about CPAN::Common::Index and other stuff, and with H. Merijn Brand about Text::CSV(_PP|XS) for significant part of Text::CSV_PP is taken almost verbatim from pure perl part of Text::CSV_XS.
Many thanks to Neil Bowers, Philippe Bruhat, and Laurent Boivin for organizing this event, and to Wendy Van Dijk for food and kindness, and to our generous sponsors: Booking.com, ActiveState, cPanel, FastMail, MaxMind, Perl Careers, MongoDB, SureVoIP, Campus Explorer, Bytemark, CAPSiDE, Charlie Gonzalez, Elastic, OpusVL, Perl Services, Procura, XS4ALL, Oetiker+Partner.
See Changes file in the distribution for other fixes and improvements, and see also https://www.sqlite.org/changes.html for the changes in SQLite library.
Meanwhile I helped Andreas merge other contributors' (old and new) pull requests to PAUSE. We also wanted to merge some of my old requests on the indexer, but decided not this time, until I add some tests to demonstrate issues more clearly for our exhausted eyes. (Actually, I had written their tests only for Parse::PMFile, a derivation of the PAUSE indexer. Mea culpa.)
I also addressed an issue on Test::PAUSE::Permissions raised previously by Karen Etheridge to prevent a maintainer in a large team from adding a new package to an established distribution accidentally, so that everyone in the team can upload the distribution without permission problems. This issue was also discussed briefly later at the hackathon, and Colin Newell has sent a pull request to PAUSE to fix it from another aspect.
Aside from PAUSE, I asked several people to update their distributions (makamaka for JSON::PP, Ricardo Signes for Email::Sender and Software::License, Sawyer for Dancer::Session::JSON, Chris Williams for Archive::Tar), and shipped two CPANTS-related modules (Parse::LocalDistribution and Module::CPANTS::Analyse). I also asked Karen to review the core CPANTS metrics, and added one on the META.json existence as an extra. I skipped most of the group discussions, except for Software::License and PAUSE.
As for CPANTS, I started refactoring the website and the analyzer before the hackathon. None of them have finished yet, but I'm hoping I can show you something within a week or so (after this national holiday week).
Many thanks to the organizers (Neil Bowers, JJ Allen, Barbie) and to the sponsors:
FastMail,
ZipRecruiter,
ActiveState,
OpusVL,
Strato,
SureVoIP,
CV-Library,
Infinity Interactive,
Perl Careers,
MongoDB,
think project!,
Dreamhost,
Campus Explorer,
Perl 6 Community,
Perl Services,
Evozon,
Booking.com,
Eligo,
Oetiker+Partner,
CAPSiDE,
Procura,
Constructor.io,
Robbie Bow,
Ron Savage,
Charlie Gonzalez,
Justin Cook.
DBD::SQLite 1.50 will also have JSON functions (http://www.sqlite.org/json1.html) and indices on expressions (http://www.sqlite.org/expridx.html) introduced in SQLite 3.9.
See Changes file in the distribution for other fixes and improvements.
]]>There'll be no big change in DBD::SQLite 1.48 itself, but a few notable changes that might affect you include:
See Changes file in the distribution for other fixes and improvements.