Gramex 1.71 release notes
Gramex 1.71 introduces ComicHandler to serve comics as an API, security fixes, and more.
ComicHandler serves comics
ComicHandler serves comics as SVG files. It’s based on the Comicgen library. Here’s how to create a ComicHandler:
url:
comics:
pattern: /$YAMLURL/comics
handler: ComicHandler
Now, name=dee&angle=straight&emotion=smile&pose=super serves this SVG image:
This lets you create a variety of comic data stories. For examples, see gramener.com/datacomics/.
More robust security
Gramex passes security tests from 4 security testing tools:
- Bandit for Python security tests
- npm audit for front-end vulnerabilities
- Snyk for overall code security
- ClamAV for anti-virus tests
Future releases will be tested against these. See the results.
Specify URL where Gramex is running
If you’re redirected to the wrong page after logging in, this feature may help fix that issue.
If you run Gramex at example.com on port 9988, and use an
nginx proxy to redirect /project to that port:
location /project/ { # example.com/project/* maps to
proxy_pass http://127.0.0.1:9988/; # 127.0.0.1:9988/
}
… you can send Gramex a X-Gramex-Root header, telling Gramex that the application is hosted at
/project/:
location /project/ { # example.com/project/* maps to
proxy_pass http://127.0.0.1:9988/; # 127.0.0.1:9988/
proxy_set_header X-Gramex-Root /project/;
}
Now, redirects are interpreted relative to /project/.
So example.com/project/login?next=/ will now redirect the user to example./project/ instead of
example.com.
Gramex prefers npm over yarn
Gramex has fully migrated from yarn to npm as the preferred package manager – to reduce dependencies.
Specifically, when you run gramex install:
- If
package-lock.jsonexists, it runsnpm cito re-install all packages without changingpackage-lock.json - Else if
yarn.lockexists, it runsyarn install - Else if
package.jsonexists, it runsnpm install– notyarn install
JSONHandler escapes slashes in keys
JSONHandler now supports
keys that have a / in them.
Earlier, if there was a key called "home/page", there was no way to directly fetch its value.
Now, you can fetch "home\/page" instead. The \/ escapes slashes.
Read more.
Deprecations
gramex.cache.open() no longer reads XML, RSS, ATOM or SVG files as lxml trees. This is a rarely (perhaps never) used feature.
You can still use ext="txt" to open them as text files, or use your own custom transform to read them.
Bug fixes
- Session inactive expiry did not work with Redis cache – because we were saving the session before updating the last active time. This is fixed.
- pynode.node.js() installs npm packages into a new directory
$GRAMEXDATA/pynode/by default. So, Gramex’s owngramex/apps/pynode/package.jsonsource code is not affected when users install new libraries. - The Gramex Windows Service writes logs to a
service.login the current folder. This helps debug Windows services messages. - MongoDB object IDs are converted into strings. #430
- We’ve fully switched to Python 3 and eliminated the
sixpackage
Backward compatibility & security
Gramex 1.71 is backward compatible with previous releases unless the release notes say otherwise. Automated builds test this.
Every Gramex release is tested for security vulnerabilities using the following tools.
- Bandit tests for back-end Python vulnerabilities. See Bandit results
- npm-audit tests for front-end JavaScript vulnerabilities. See npm-audit results
- Snyk for front-end and back-end vulnerabilities. See Synk results
- ClamAV for anti-virus scans. See ClamAV results
Statistics
The Gramex code base has:
- 19,193 lines of Python (134 more than 1.70)
- 3,361 lines of JavaScript (86 less than 1.70)
- 12,320 lines of test code (64 more than 1.70)
- 89% test coverage (same as 1.70)
How to install
See the Gramex installation and upgrade instructions.
Note: Gramex 1.71 does not work with Python 3.8 or 3.9. We recommend Python 3.7.