From ceb07306433abd645d44b4cfe6373e6f176630cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Mar 2023 22:03:34 +0000
Subject: [PATCH 1/8] chore(deps): bump sentry-sdk from 1.17.0 to 1.18.0 in /appcontainer
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.17.0...1.18.0)
---
updated-dependencies:
- dependency-name: sentry-sdk
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 appcontainer/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/appcontainer/requirements.txt b/appcontainer/requirements.txt
index d98b9a2db..d2261cfdf 100644
--- a/appcontainer/requirements.txt
+++ b/appcontainer/requirements.txt
@@ -3,5 +3,5 @@ Django==4.1.7
 django-csp==3.7
 eligibility-api==2023.01.1
 requests==2.28.2
-sentry-sdk==1.17.0
+sentry-sdk==1.18.0
 six==1.16.0
From 1a35411c0a1c0b426a6f14c75bd4e3aec3cb4286 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Mar 2023 22:08:57 +0000
Subject: [PATCH 2/8] chore(deps-dev): bump cypress from 12.8.1 to 12.9.0 in /tests/cypress
Bumps [cypress](https://github.com/cypress-io/cypress) from 12.8.1 to 12.9.0.
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/cypress-io/cypress/compare/v12.8.1...v12.9.0)
---
updated-dependencies:
- dependency-name: cypress
 dependency-type: direct:development
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 tests/cypress/package-lock.json | 14 +++++++-------
 tests/cypress/package.json | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/cypress/package-lock.json b/tests/cypress/package-lock.json
index a2790eb70..55f2253d6 100644
--- a/tests/cypress/package-lock.json
+++ b/tests/cypress/package-lock.json
@@ -9,7 +9,7 @@ "version": "1.0.0", "license": "AGPL-3.0-or-later", "devDependencies": { - "cypress": "^12.8.1" + "cypress": "^12.9.0" } }, "node_modules/@colors/colors": {
@@ -523,9 +523,9 @@ } }, "node_modules/cypress": { - "version": "12.8.1", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.8.1.tgz", - "integrity": "sha512-lIFbKdaSYAOarNLHNFa2aPZu6YSF+8UY4VRXMxJrFUnk6RvfG0AWsZ7/qle/aIz30TNUD4aOihz2ZgS4vuQVSA==", + "version": "12.9.0", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.9.0.tgz", + "integrity": "sha512-Ofe09LbHKgSqX89Iy1xen2WvpgbvNxDzsWx3mgU1mfILouELeXYGwIib3ItCwoRrRifoQwcBFmY54Vs0zw7QCg==", "dev": true, "hasInstallScript": true, "dependencies": {
@@ -2202,9 +2202,9 @@ } }, "cypress": { - "version": "12.8.1", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.8.1.tgz", - "integrity": "sha512-lIFbKdaSYAOarNLHNFa2aPZu6YSF+8UY4VRXMxJrFUnk6RvfG0AWsZ7/qle/aIz30TNUD4aOihz2ZgS4vuQVSA==", + "version": "12.9.0", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.9.0.tgz", + "integrity": "sha512-Ofe09LbHKgSqX89Iy1xen2WvpgbvNxDzsWx3mgU1mfILouELeXYGwIib3ItCwoRrRifoQwcBFmY54Vs0zw7QCg==", "dev": true, "requires": { "@cypress/request": "^2.88.10",
diff --git a/tests/cypress/package.json b/tests/cypress/package.json
index c8fb90bbf..29eb4e440 100644
--- a/tests/cypress/package.json
+++ b/tests/cypress/package.json
@@ -12,6 +12,6 @@
 "license": "AGPL-3.0-or-later",
 "private": true,
 "devDependencies": {
- "cypress": "^12.8.1"
+ "cypress": "^12.9.0"
 }
 }
From b51ee89d691c34b5ea8f7af4e581da9c1e95579e Mon Sep 17 00:00:00 2001
From: Angela Tran
Date: Fri, 31 Mar 2023 15:28:06 +0000
Subject: [PATCH 3/8] refactor: wrap assignment in try/except and convert type to int
---
 benefits/settings.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/benefits/settings.py b/benefits/settings.py
index 10154609e..763500bd3 100644
--- a/benefits/settings.py
+++ b/benefits/settings.py
@@ -311,6 +311,14 @@ def _filter_empty(ls):
 # Configuration for requests
 # https://requests.readthedocs.io/en/latest/user/advanced/#timeouts
-REQUESTS_CONNECT_TIMEOUT = os.environ.get("REQUESTS_CONNECT_TIMEOUT", 3)
-REQUESTS_READ_TIMEOUT = os.environ.get("REQUESTS_READ_TIMEOUT", 1)
+try:
+ REQUESTS_CONNECT_TIMEOUT = int(os.environ.get("REQUESTS_CONNECT_TIMEOUT"))
+except Exception:
+ REQUESTS_CONNECT_TIMEOUT = 3
+
+try:
+ REQUESTS_READ_TIMEOUT = int(os.environ.get("REQUESTS_READ_TIMEOUT"))
+except Exception:
+ REQUESTS_READ_TIMEOUT = 1
+
 REQUESTS_TIMEOUT = (REQUESTS_CONNECT_TIMEOUT, REQUESTS_READ_TIMEOUT)
From ed59c857f4d32b194daa16907bacd5e5d639e486 Mon Sep 17 00:00:00 2001
From: Angela Tran
Date: Fri, 31 Mar 2023 15:30:19 +0000
Subject: [PATCH 4/8] refactor: increase default read timeout value
---
 benefits/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/benefits/settings.py b/benefits/settings.py
index 763500bd3..c93e7dd26 100644
--- a/benefits/settings.py
+++ b/benefits/settings.py
@@ -319,6 +319,6 @@ def _filter_empty(ls):
 try:
 REQUESTS_READ_TIMEOUT = int(os.environ.get("REQUESTS_READ_TIMEOUT"))
 except Exception:
- REQUESTS_READ_TIMEOUT = 1
+ REQUESTS_READ_TIMEOUT = 20
 REQUESTS_TIMEOUT = (REQUESTS_CONNECT_TIMEOUT, REQUESTS_READ_TIMEOUT)
From ba14ad2af14a852f2b9a9a7be74827183e5cda94 Mon Sep 17 00:00:00 2001
From: Angela Tran
Date: Fri, 31 Mar 2023 16:23:02 +0000
Subject: [PATCH 5/8] fix: configure a custom denylist to avoid sending PII to Sentry
---
 benefits/sentry.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
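Review bot: The bare `except Exception` around each `int(os.environ.get(...))` in the benefits/settings.py hunk at @@ -311,6 +311,14 @@ treats the TypeError from `int(None)` as the normal "unset" path and also hides a mistyped value, so setting REQUESTS_READ_TIMEOUT to something like `2.5` silently yields the default. Nothing checks that the parsed number is positive, so `0` or a negative value would be placed in REQUESTS_TIMEOUT unchanged. I would move both assignments onto a small helper that catches only the missing-key and parse errors and falls back to the default for non-positive values, as sketched below.

```python
def _env_timeout(name, default):
    """Return a positive whole-second timeout from the environment, else the default."""
    try:
        value = int(os.environ[name])
    except (KeyError, ValueError):
        # unset or not an integer: fall back to the default
        return default
    return value if value > 0 else default


REQUESTS_CONNECT_TIMEOUT = _env_timeout("REQUESTS_CONNECT_TIMEOUT", 3)
REQUESTS_READ_TIMEOUT = _env_timeout("REQUESTS_READ_TIMEOUT", 1)
# … unchanged: REQUESTS_TIMEOUT tuple …
```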
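Review bot: The new default `REQUESTS_READ_TIMEOUT = 20` in the benefits/settings.py hunk at @@ -319,6 +319,6 @@ carries no comment giving the unit or the reason for the jump from 1, and the commit message does not name the upstream that needed it. With this default a slow upstream can hold a request worker for up to 20 seconds per call, so the value presumably needs to stay below the app server's own worker timeout, which is not visible here. I would add a line above the fallback such as `# seconds; raised from 1 for <upstream/reason>, keep below the app server worker timeout`.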
diff --git a/benefits/sentry.py b/benefits/sentry.py
index a0291dc5b..2808baa99 100644
--- a/benefits/sentry.py
+++ b/benefits/sentry.py
@@ -1,10 +1,13 @@
-from benefits import VERSION
-import sentry_sdk
-from sentry_sdk.integrations.django import DjangoIntegration
 import shutil
 import os
 import subprocess
+import sentry_sdk
+from sentry_sdk.integrations.django import DjangoIntegration
+from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST
+
+from benefits import VERSION
+
 SENTRY_ENVIRONMENT = os.environ.get("SENTRY_ENVIRONMENT", "local")
@@ -52,6 +55,12 @@ def get_release() -> str:
 return VERSION
+def get_denylist():
+ # custom denylist
+ denylist = DEFAULT_DENYLIST + ["sub", "name"]
+ return denylist
+
+
 def configure():
 SENTRY_DSN = os.environ.get("SENTRY_DSN")
 if SENTRY_DSN:
@@ -68,6 +77,7 @@ def configure():
 environment=SENTRY_ENVIRONMENT,
 release=release,
 in_app_include=["benefits"],
+ event_scrubber=EventScrubber(denylist=get_denylist()),
 )
 else:
 print("SENTRY_DSN not set, so won't send events")
From 9cf9d8ddb6d9b088ac6fa3530d6619a0f1ed3f2d Mon Sep 17 00:00:00 2001
From: Angela Tran
Date: Fri, 31 Mar 2023 18:00:28 +0000
Subject: [PATCH 6/8] chore: configure send_default_pii explicitly to False, add docs link
---
 benefits/sentry.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/benefits/sentry.py b/benefits/sentry.py
index 2808baa99..8ac7290da 100644
--- a/benefits/sentry.py
+++ b/benefits/sentry.py
@@ -77,6 +77,8 @@ def configure():
 environment=SENTRY_ENVIRONMENT,
 release=release,
 in_app_include=["benefits"],
+ # https://docs.sentry.io/platforms/python/data-management/sensitive-data/#event_scrubber
+ send_default_pii=False,
 event_scrubber=EventScrubber(denylist=get_denylist()),
 )
 else:
From d8622ab68644f9df0ceda2673553fd9cab2dd49d Mon Sep 17 00:00:00 2001
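Review bot: `get_denylist()` in the benefits/sentry.py hunk at @@ -52,6 +55,12 @@ has no docstring or return annotation, unlike `get_release() -> str` above it, and `# custom denylist` does not say why "sub" and "name" were chosen or what the list leaves uncovered. As far as I know, EventScrubber compares denylist entries with key names in the event and does not inspect values, so PII inside an exception message, or under a key such as `first_name`, would still be sent; this is worth confirming against the pinned sentry-sdk 1.18.0. I would add a docstring saying that the function returns Sentry's DEFAULT_DENYLIST plus the application's own PII key names and that matching is by key name only. The `event_scrubber=EventScrubber(denylist=get_denylist())` argument added in the @@ -68,6 +77,7 @@ hunk depends on the same behaviour, and a unit test that feeds a sample event through the scrubber would pin it.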
From: Angela Tran
Date: Fri, 31 Mar 2023 13:47:56 -0500
Subject: [PATCH 7/8] chore: add comment for EventScrubber requirements
Co-authored-by: Kegan Maher
---
 benefits/sentry.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/benefits/sentry.py b/benefits/sentry.py
index 8ac7290da..f5198dbb4 100644
--- a/benefits/sentry.py
+++ b/benefits/sentry.py
@@ -77,6 +77,7 @@ def configure():
 environment=SENTRY_ENVIRONMENT,
 release=release,
 in_app_include=["benefits"],
+ # send_default_pii must be False (the default) for a custom EventScrubber/denylist
 # https://docs.sentry.io/platforms/python/data-management/sensitive-data/#event_scrubber
 send_default_pii=False,
 event_scrubber=EventScrubber(denylist=get_denylist()),
From cf64e41dede85da258e234064365db47863aceb2 Mon Sep 17 00:00:00 2001
From: Angela Tran
Date: Mon, 3 Apr 2023 22:33:37 +0000
Subject: [PATCH 8/8] chore(release): bump version to 2023.04.1
---
 benefits/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/benefits/__init__.py b/benefits/__init__.py
index c254f2122..544748407 100644
--- a/benefits/__init__.py
+++ b/benefits/__init__.py
@@ -1,3 +1,3 @@
-__version__ = "2023.03.2"
+__version__ = "2023.04.1"
 VERSION = __version__