Merge branch 'master' into add_pypy

support Python 3.14 (#453 )
* support Python 3.14 * update Python in Docker containers
2025-12-12 17:59:48 +01:00 · 2025-11-14 16:13:22 +01:00 · 2025-11-14 16:01:13 +01:00 · 2025-11-14 14:02:14 +01:00 · 2025-11-14 07:54:49 +01:00 · 2025-10-21 21:42:24 +02:00
18 changed files with 689 additions and 534 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,7 +6,7 @@
        "context": "..",
        //Update 'VARIANT' to pick a Python version: 3, 3.10, ...
        "args": {
-            "VARIANT": "3.11"
+            "VARIANT": "3.14"
        }
    },
    // Add the IDs of extensions you want installed when the container is created.
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,5 @@
+* text eol=lf
+*.sh text eol=lf
+*.bat text eol=crlf
+*.cmd text eol=crlf
+*.ps1 text eol=crlf
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,17 @@
+# Copilot Instructions
+
+This project is a web application that allows users to create and manage tasks. The application is built using Python.
+
+## Coding Standards
+
+- Use snakeCase for variable and function names.
+- Use PascalCase for component names.
+- Use double quotes for strings.
+- Use 4 spaces for indentation.
+
+## Tone
+
+- If I tell you that you are wrong, think about whether or not you think that's true and respond with facts.
+- Avoid apologizing or making conciliatory statements.
+- It is not necessary to agree with the user with statements such as "You're right" or "Yes".
+- Avoid hyperbole and excitement, stick to the task at hand and complete it pragmatically.
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,21 +19,35 @@ jobs:
  build:

    strategy:
+      fail-fast: false
      matrix:
        # 3.x is used to run code coverage
-        python-version: ["3.x", "3.13", "3.12", "3.11", "3.10", "3.9"]
-        platform: [ubuntu-latest, macos-latest, windows-latest, ubuntu-24.04-arm, macos-13]
-        # exclude:
+        python-version: ["3.x", "3.14", "3.13", "3.12", "3.11", "3.10", "3.9", "pypy3.10", "pypy3.11"]
+        platform: [ubuntu-latest, macos-latest, windows-latest, ubuntu-24.04-arm, macos-15-intel]
+        exclude:
+          - python-version: "pypy3.10"
+            platform: "windows-latest"
+          - python-version: "pypy3.11"
+            platform: "windows-latest"
+          - python-version: "pypy3.10"
+            platform: "ubuntu-24.04-arm"
+          - python-version: "pypy3.11"
+            platform: "ubuntu-24.04-arm"
+          - python-version: "pypy3.10"
+            platform: "macos-latest"
+          - python-version: "pypy3.11"
+            platform: "macos-latest"

    runs-on: ${{ matrix.platform }}

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
          check-latest: ${{ github.event_name == 'schedule' }}
+          allow-prereleases: false
      - name: Install zbar shared lib for QReader (Linux)
        if: runner.os == 'Linux'
        run: |
--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -42,7 +42,7 @@ jobs:
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -78,7 +78,7 @@ jobs:

      - name: "Build image (Bookworm/Debian 12) and push to Docker Hub and GitHub Container Registry"
        id: docker_build_qr_reader_latest
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          platforms: linux/${{ matrix.DOCKER_ARCH }}
          # relative path to the place where source code with Dockerfile is located
@@ -88,13 +88,15 @@ jobs:
          # builder: ${{ steps.buildx.outputs.name }}
          # Note: tags has to be all lower-case
          build-args: |
-            BASE_IMAGE=python:3.13-slim-bookworm
+            BASE_IMAGE=python:3.14-slim-trixie
          pull: true
          tags: |
            docker.io/scit0/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
            docker.io/scit0/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}

@@ -166,7 +168,7 @@ jobs:
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -202,7 +204,7 @@ jobs:

      - name: "only_txt: Build image and push to Docker Hub and GitHub Container Registry"
        id: docker_build_only_txt
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          platforms: linux/${{ matrix.DOCKER_ARCH }}
          # relative path to the place where source code with Dockerfile is located
@@ -216,6 +218,8 @@ jobs:
            docker.io/scit0/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
          build-args: |
@@ -292,7 +296,7 @@ jobs:
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -329,7 +333,7 @@ jobs:
      - name: "Build image from Bullseye (Debian 11) and push to GitHub Container Registry"
        id: docker_build_bullseye
        if: github.ref == 'refs/heads/master'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          platforms: linux/${{ matrix.DOCKER_ARCH }}
          # relative path to the place where source code with Dockerfile is located
@@ -343,6 +347,8 @@ jobs:
          tags: |
            docker.io/scit0/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
          push: ${{ github.secret_source == 'Actions' }}

      - name: Image digest
--- a/.github/workflows/ci_release.yml
+++ b/.github/workflows/ci_release.yml
@@ -57,7 +57,7 @@ jobs:
      tag_message: ${{ steps.meta.outputs.tag_message }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Set meta data
        id: meta
        # Writing to env with >> $GITHUB_ENV is an alternative
@@ -126,7 +126,7 @@ jobs:
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -196,7 +196,7 @@ jobs:
          docker run --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files docker.io/scit0/extract_otp_secrets -c 'dist/${{ matrix.EXE }} -V && dist/${{ matrix.EXE }} -h && dist/${{ matrix.EXE }} example_export.png && dist/${{ matrix.EXE }} - < example_export.txt && dist/${{ matrix.EXE }} --qr ZBAR example_export.png && dist/${{ matrix.EXE }} --qr QREADER example_export.png && dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png && dist/${{ matrix.EXE }} --qr CV2 example_export.png && dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png'
      - name: Load Release URL File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: release_url
      - name: Display structure of files
@@ -226,6 +226,7 @@ jobs:
    needs: create-release
    runs-on: ${{ matrix.os }}
    strategy:
+      fail-fast: false
      matrix:
        # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#choosing-github-hosted-runners
        include:
@@ -257,7 +258,7 @@ jobs:
            UPLOAD: false
            CMD_BUILD: |
                pyinstaller -y --add-data $pythonLocation/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_ubuntu_arm64 src/extract_otp_secrets.py
-          - os: macos-13
+          - os: macos-15-intel
            TARGET: macos
            # https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
            EXE: extract_otp_secrets
@@ -291,14 +292,14 @@ jobs:
      - name: List Windir
        if: runner.os == 'Windows'
        run: ls "$($Env:WinDir)\system32"
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - name: Set macos macos_python_path
        # TODO use variable for Python version
-        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.13" >> $GITHUB_ENV
-      - name: Set up Python 3.13
-        uses: actions/setup-python@v5
+        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.14" >> $GITHUB_ENV
+      - name: Set up Python 3.14
+        uses: actions/setup-python@v6
        with:
-          python-version: 3.13
+          python-version: 3.14
          check-latest: true
      - name: Install zbar shared lib for QReader (Linux)
        if: runner.os == 'Linux'
@@ -341,12 +342,12 @@ jobs:
          dist/${{ matrix.EXE }} - < example_export.txt
      - name: Load Release URL File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: release_url
      - name: Load Release Id File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: release_id
      - name: Display structure of files
@@ -389,7 +390,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Load Release Id File from release job
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: release_id
      - name: Set meta data
--- a/9
+++ b/9
@@ -4,14 +4,15 @@ verify_ssl = true
 name = "pypi"

 [packages]
-colorama = ">=0.4.6"
+colorama = "0.4.6"
 opencv-contrib-python = "*"
+numpy = "2.3.4"
 # for macOS: opencv-contrib-python = "<=4.7.0"
 pillow = "*"
 pyzbar = "*"
 protobuf = "*"
 qrcode = "*"
-qreader = "<2.0.0"
+qreader = "1.3.2"

 [dev-packages]
 build = "*"
@@ -24,9 +25,7 @@ pylint = "*"
 pytest = "*"
 pytest-cov = "*"
 pytest-mock = "*"
-setuptools-git-versioning = "*"
 types-protobuf = "*"
-wheel = "*"

 [requires]
-python_version = "3.11"
+python_version = "3.14"
--- a/Pipfile.lock
+++ b/Pipfile.lock
--- a/README.md
+++ b/README.md
@@ -2,10 +2,10 @@

 [![CI tests](https://github.com/scito/extract_otp_secrets/actions/workflows/ci.yml/badge.svg)](https://github.com/scito/extract_otp_secrets/actions/workflows/ci.yml)
 [![CI docker](https://github.com/scito/extract_otp_secrets/actions/workflows/ci_docker.yml/badge.svg)](https://github.com/scito/extract_otp_secrets/actions/workflows/ci_docker.yml)
-![coverage](https://img.shields.io/badge/coverage-95%25-brightgreen)
+![coverage](https://img.shields.io/badge/coverage-92%25-brightgreen)
 [![License](https://img.shields.io/github/license/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/LICENSE)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/scito/extract_otp_secrets?sort=semver)](https://github.com/scito/extract_otp_secrets/releases/latest)  
-![python versions](https://img.shields.io/badge/python-3.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20%7C%203.13-blue)
+![python versions](https://img.shields.io/badge/python-3.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20%7C%203.13%20%7C%203.14-blue)
 [![Docker image](https://img.shields.io/badge/docker-image-blue)](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets/general)
 [![Linux](https://img.shields.io/badge/os-linux-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
 [![Windows](https://img.shields.io/badge/os-windows-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
@@ -14,7 +14,7 @@
 [![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)
 <!-- ![PyPI - Python Version](https://img.shields.io/pypi/pyversions/protobuf)
 [![GitHub Pipenv locked Python version](https://img.shields.io/github/pipenv/locked/python-version/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/Pipfile.lock)
-![protobuf version](https://img.shields.io/badge/protobuf-5.30.1-informational)-->
+![protobuf version](https://img.shields.io/badge/protobuf-6.33.1-informational)-->

 <!-- [![Github all releases](https://img.shields.io/github/downloads/scito/extract_otp_secrets/total.svg)](https://GitHub.com/scito/extract_otp_secrets/releases/) -->

@@ -224,6 +224,7 @@ For a detailed installation documentation of [pyzbar](https://github.com/Natural

 #### Linux (Fedora)

+    sudo dnf install mesa-libGL
    sudo dnf install zbar

 #### Linux (Arch Linux)
@@ -366,7 +367,7 @@ python extract_otp_secrets.py = < example_export.png</pre>
    * extract_otp_secrets_macos_x86_64 (optional [libzbar](#installation-of-optional-shared-system-libraries-recommended) needs to be installed manually if needed)
        * extract_otp_secrets_macos_x86_64.dmg N/A, see [why](#macos)
        * extract_otp_secrets_macos_x86_64.pkg N/A, see [why](#macos)
-* Prebuilt Docker images provided for amd64 and arm64 (🆕 since v2.0)
+* Prebuilt Docker images provided for amd64 and arm64 on [Docker Hub](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets) and [GitHub Packages](https://github.com/users/scito/packages/container/package/extract_otp_secrets) (🆕 since v2.0)
 * Many ways to run the script:
    * Native Python
    * pipenv
@@ -729,7 +730,7 @@ Command for regeneration of Python code from proto3 message definition file (onl

    protoc --plugin=protoc-gen-mypy=path/to/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python src/google_auth.proto

-The generated protobuf Python code was generated by protoc 30.1 (https://github.com/protocolbuffers/protobuf/releases/tag/v30.1).
+The generated protobuf Python code was generated by protoc 33.1 (https://github.com/protocolbuffers/protobuf/releases/tag/v33.1).

 For Python type hint generation the [mypy-protobuf](https://github.com/nipunn1313/mypy-protobuf) package is used.

--- a/build.sh
+++ b/build.sh
@@ -173,8 +173,9 @@ done
 BIN="$HOME/bin"
 DOWNLOADS="$HOME/downloads"

-PYTHON="python3.11"
-PIP="pip3.11"
+# Set python und pip if not already set in environment
+PYTHON="${PYTHON:=python}"
+PIP="${PIP:=pip}"
 PIPENV="$PYTHON -m pipenv"
 FLAKE8="$PYTHON -m flake8"
 MYPY="$PYTHON -m mypy"
@@ -237,7 +238,7 @@ if $build_local; then
    echo -e "\nProtoc remote version $VERSION\n"
    echo -e "Protoc local version: $OLDVERSION\n"

-    if [ "$OLDVERSION" != "$VERSION" ] || ! $ignore_version_check; then
+    if [ "$OLDVERSION" != "$VERSION" ] && ! $ignore_version_check; then
        echo "Upgrade protoc from $OLDVERSION to $VERSION"

        NAME="protoc-$VERSION"
@@ -381,15 +382,48 @@ if $build_local; then

            $PIPENV --version

-            cmd="$PIPENV --rm && $PIPENV update && $PIPENV install"
+            cmd="rm Pipfile.lock || true; $PIPENV --rm || true"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV install --dev"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV update --dev"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"

            $PIPENV run python --version

+            # pip -e install
+
+            cmd="$PIPENV run pip install -U -e ."
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
            cmd="$PIPENV run pytest --cov=extract_otp_secrets_test tests/"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
+
+
+            cmd="$PIPENV run extract_otp_secrets example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV run extract_otp_secrets - < example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            # Test (needs module)
+
+            cmd="$PIPENV run python src/extract_otp_secrets.py example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV run python src/extract_otp_secrets.py - < example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
        fi

        # Build wheel
@@ -508,7 +542,7 @@ if $build_docker; then
        eval "$cmd"

        # Build extract_otp_secrets (Debian Bullseye)
-        cmd="docker build . -t extract_otp_secrets:bullseye -t extract_otp_secrets:bullseye-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
+        cmd="docker build . -t extract_otp_secrets:bullseye -t extract_otp_secrets:bullseye-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.13-slim-bullseye"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"

@@ -541,7 +575,7 @@ if $build_docker; then
        eval "$cmd"

        # Build extract_otp_secrets (Debian Bullseye)
-        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:bullseye-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
+        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:bullseye-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.13-slim-bullseye"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
    fi
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,5 +1,5 @@
 # --build-arg BASE_IMAGE=python:3.11-slim-buster
-ARG BASE_IMAGE=python:3.13-slim-bookworm
+ARG BASE_IMAGE=python:3.14-slim-trixie
 FROM $BASE_IMAGE

 # https://docs.docker.com/engine/reference/builder/
--- a/docker/Dockerfile_only_txt
+++ b/docker/Dockerfile_only_txt
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=python:3.13-alpine
+ARG BASE_IMAGE=python:3.14-alpine
 FROM $BASE_IMAGE

 # https://docs.docker.com/engine/reference/builder/
--- a/example_output.csv
+++ b/example_output.csv
@@ -1,7 +1,7 @@
-name,secret,issuer,type,counter,url
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
-hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,,hotp,4,otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
-encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+name,secret,issuer,type,counter,url
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,,hotp,4,otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
+encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -3,8 +3,7 @@ requires = [
  "pip",
  "nuitka",
  # https://setuptools-git-versioning.readthedocs.io/en/latest/differences.html
-  "setuptools>=64.0.0",
-  "setuptools-git-versioning",
+   "setuptools-git-versioning",
  "wheel>=0.37.0",
 ]
 build-backend = "setuptools.build_meta"
@@ -26,6 +25,7 @@ classifiers = [
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
    "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
    "Intended Audience :: End Users/Desktop",
    "Intended Audience :: Developers",
    "Intended Audience :: System Administrators",
@@ -41,6 +41,9 @@ classifiers = [
 dependencies = [
  "colorama>=0.4.6",
  "opencv-contrib-python",
+  "numpy>=2.0,<2.1 ; python_version >= '3.9' and python_version < '3.10'",
+  "numpy>=2.2,<2.3 ; python_version >= '3.10' and python_version < '3.11'",
+  "numpy>=2.3,<3.0 ; python_version >= '3.11'",
  "Pillow",
  "protobuf",
  "pyzbar",
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,8 @@
 colorama>=0.4.6
 opencv-contrib-python
+numpy>=2.0,<2.1 ; python_version >= "3.9" and python_version < "3.10"
+numpy>=2.2,<2.3 ; python_version >= "3.10" and python_version < "3.11"
+numpy>=2.3,<3.0 ; python_version >= "3.11"
 Pillow
 protobuf
 pyzbar
--- a/setup.cfg
+++ b/setup.cfg
@@ -2,7 +2,7 @@
 name = extract_otp_secrets

 [options]
-python_requires = >=3.8, <4
+python_requires = >=3.9, <4
 py_modules = extract_otp_secrets, protobuf_generated_python.google_auth_pb2
 package_dir =
    =src
--- a/src/extract_otp_secrets.py
+++ b/src/extract_otp_secrets.py
@@ -60,8 +60,8 @@ headless: bool = False

 try:
    import cv2
-    import numpy as np
    import cv2.typing
+    import numpy as np

    try:
        import tkinter
@@ -380,14 +380,22 @@ def extract_otps_from_camera(args: Args) -> Otps:
            qr_mode = next_qr_mode(qr_mode)
            continue

-        cv2_print_text(img, f"Mode: {qr_mode.name} (Hit SPACE to change)", 0, TextPosition.LEFT, FONT_COLOR, 20)
-        cv2_print_text(img, "Press ESC to quit", 1, TextPosition.LEFT, FONT_COLOR, 17)
-        cv2_print_text(img, "Press c,j,k,t,u to save as csv/json/keepass/txt/urls file", 2, TextPosition.LEFT, FONT_COLOR, None)
+        try:
+            cv2_print_text(img, f"Mode: {qr_mode.name} (Hit SPACE to change)", 0, TextPosition.LEFT, FONT_COLOR, 20)
+            cv2_print_text(img, "Press ESC to quit", 1, TextPosition.LEFT, FONT_COLOR, 17)
+            cv2_print_text(img, "Press c,j,k,t,u to save as csv/json/keepass/txt/urls file", 2, TextPosition.LEFT, FONT_COLOR, None)

-        cv2_print_text(img, f"{len(otp_urls)} QR code{'s'[:len(otp_urls) != 1]} captured", 0, TextPosition.RIGHT, FONT_COLOR)
-        cv2_print_text(img, f"{len(otps)} otp{'s'[:len(otps) != 1]} extracted", 1, TextPosition.RIGHT, FONT_COLOR)
+            cv2_print_text(img, f"{len(otp_urls)} QR code{'s'[:len(otp_urls) != 1]} captured", 0, TextPosition.RIGHT, FONT_COLOR)
+            cv2_print_text(img, f"{len(otps)} otp{'s'[:len(otps) != 1]} extracted", 1, TextPosition.RIGHT, FONT_COLOR)

-        cv2.imshow(WINDOW_NAME, img)
+            cv2.imshow(WINDOW_NAME, img)
+        except cv2.error as e:
+            # Workaround due to Gtk2/3 problem, see #444
+            if e.code == cv2.Error.StsNullPtr:
+                # Window closed
+                break
+            else:
+                raise e

        quit, qr_mode = cv2_handle_pressed_keys(qr_mode, otps)
        if quit:
@@ -449,7 +457,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.csv',
                filetypes=[('CSV', '*.csv'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_csv(file_name, otps)
    elif (key == ord('j') or key == ord('J')) and is_not_headless():
@@ -461,7 +469,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.json',
                filetypes=[('JSON', '*.json'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_json(file_name, otps)
    elif (key == ord('k') or key == ord('K')) and is_not_headless():
@@ -473,7 +481,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.csv',
                filetypes=[('CSV', '*.csv'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_keepass_csv(file_name, otps)
    elif (key == ord('t') or key == ord('T')) and is_not_headless():
@@ -485,7 +493,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.txt',
                filetypes=[('Text', '*.txt'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_txt(file_name, otps, True)
    elif (key == ord('u') or key == ord('U')) and is_not_headless():
@@ -497,15 +505,13 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.txt',
                filetypes=[('Text', '*.txt'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_urls(file_name, otps)
    elif key == 32:
        qr_mode = next_valid_qr_mode(qr_mode, zbar_available)
        if verbose >= LogLevel.MORE_VERBOSE: print(f"QR reading mode: {qr_mode}")
-    if cv2.getWindowProperty(WINDOW_NAME, cv2.WND_PROP_VISIBLE) < 1:
-        # Window close clicked
-        quit = True
+    # Do not check for invisible window due to Gtk2/3 problem, see #444
    return quit, qr_mode


@@ -837,7 +843,7 @@ def check_file_exists(filename: str) -> None:
 def has_no_otps_show_warning(otps: Otps) -> bool:
    if len(otps) == 0:
        tkinter.messagebox.showinfo(title="No data", message="There are no otp secrets to write")
-        tk_root.update()  # dispose dialog
+        tk_root.update()  # dispose dialog # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
    return len(otps) == 0


--- a/src/protobuf_generated_python/google_auth_pb2.py
+++ b/src/protobuf_generated_python/google_auth_pb2.py
@@ -2,7 +2,7 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # NO CHECKED-IN PROTOBUF GENCODE
 # source: google_auth.proto
-# Protobuf Python Version: 6.30.1
+# Protobuf Python Version: 6.33.0
 """Generated protocol buffer code."""
 from google.protobuf import descriptor as _descriptor
 from google.protobuf import descriptor_pool as _descriptor_pool
@@ -12,8 +12,8 @@ from google.protobuf.internal import builder as _builder
 _runtime_version.ValidateProtobufRuntimeVersion(
    _runtime_version.Domain.PUBLIC,
    6,
-    30,
-    1,
+    33,
+    0,
    '',
    'google_auth.proto'
 )