This adds the following:
- A detect-secrets dependency and a related script
(`script/detect_secrets`) to find and alert developers to secrets
added to the code. By default, the script will search staged and new,
unstaged files. It can optionally search only staged files.
- A whitelist, `.secrets.baseline`, that tracks instances of secrets or
false positives already in the repo.
- Modifies `script/test` to detect secrets as part of the test suite.
- Updates to the README regarding the use of detect-secrets.
We should try and track mainline Python as much as possible.
PyYAML was a sub-dependency of a dev dependency but was being included
in the translations utility. Bundling only the production Python
dependencies was not working because of this.
The latest version of `flask-rq2` depends on:
* rq-scheduler>=0.8.3
* rq>=0.12,<0.13
Previously, `rq-scheduler` (0.8.3) requires:
* rq>=0.8
A recent release of `rq-scheduler`, 0.9 requires:
* rq>=0.13
`rq-scheduler`'s requirement conflicts directly with `flask-rq2`'s
version requirement of `rq`.
Manully pinning `rq-scheduler` to `>=0.8.3,<0.9` causes `0.8.3` to be
installed, so both dependencies can be satisfied.
Previously tests would fail when `pipenv run pytest` was run because the
`FLASK_ENV` was not set. Rather than having to remember to run
`FLAKS_ENV=test pipenv run pytest`, we can use `pytest-env` to set the
env variable. The `D:` prefix tells `pytest-env` to not override an
existing value for the variable.
