Merge branch 'main' into fix/inconsistent-project-role-events

Author: ewdurbin

requirements/docs.txt

@@ -16,9 +16,9 @@ certifi==2022.6.15 \
     --hash=sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d \
     --hash=sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412
     # via requests
-charset-normalizer==2.0.12 \
-    --hash=sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597 \
-    --hash=sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df
+charset-normalizer==2.1.0 \
+    --hash=sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5 \
+    --hash=sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413
     # via requests
 docutils==0.17.1 \
     --hash=sha256:686577d2e4c32380bb50cbb22f575ed742d58168cee37e99117a854bcd88f125 \
@@ -147,7 +147,7 @@ sphinxcontrib-serializinghtml==1.1.5 \
     --hash=sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd \
     --hash=sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952
     # via sphinx
-urllib3==1.26.9 \
-    --hash=sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14 \
-    --hash=sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e
+urllib3==1.26.10 \
+    --hash=sha256:8298d6d56d39be0e3bc13c1c97d133f9b45d797169a0e11cdd0e0489d786f7ec \
+    --hash=sha256:879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6
     # via requests

requirements/lint.txt

@@ -33,13 +33,13 @@ black==22.6.0 \
     --hash=sha256:f586c26118bc6e714ec58c09df0157fe2d9ee195c764f630eb0d8e7ccce72e69 \
     --hash=sha256:f6fe02afde060bbeef044af7996f335fbe90b039ccf3f5eb8f16df8b20f77666
     # via -r requirements/lint.in
-boto3-stubs==1.24.22 \
-    --hash=sha256:0602494ca5ae96fd6a275f1fb47c79b565bd1b7d6bcb3427db9db10b5a05dea4 \
-    --hash=sha256:f6166156e6e6b03f27056efcab1c38fbf98d886743470ce1b900c4d56977817f
+boto3-stubs==1.24.25 \
+    --hash=sha256:89406d1952f352119213c75100a98e9a10bafff0a3c893619442d1048ea8ad29 \
+    --hash=sha256:ddd5821abbcd1742a28a9f2aa4ef79e13e0de6fab87799fe79f9630114467b07
     # via types-boto3
-botocore-stubs==1.27.22 \
-    --hash=sha256:56c687edac63deb757623c152265aa37e8e79492f482bc334f5ce084b70c80b7 \
-    --hash=sha256:ec94790abb50ae7da42f1650f09a35a86ef257c50f03b0a618ede1ed807b5609
+botocore-stubs==1.27.25 \
+    --hash=sha256:72779b2fc5b062e5bef86079fa6c7314375f74bf9b95f03fe888b7604c8c9452 \
+    --hash=sha256:f0cd462c2b991c19478135259857628c706a4fd83043c266f94b2cb7a1d29a16
     # via boto3-stubs
 celery-types==0.13.1 \
     --hash=sha256:0a92d8eded085d055595b04290dd8e5fcd84f4412a00a25f2122d4e6c58a1f56 \
@@ -195,9 +195,9 @@ types-itsdangerous==1.1.6 \
     --hash=sha256:21c6966c10e353a5d35d36c82aaa2c5598d3bc32ddc8e0591276da5ad2e3c638 \
     --hash=sha256:aef2535c2fa0527dcce244ece0792b20ec02ee46533800735275f82a45a0244d
     # via -r requirements/lint.in
-types-passlib==1.7.5 \
-    --hash=sha256:810ce820882a900429b2cbe6554851182370337c7246b0e0728ff4145db0edcf \
-    --hash=sha256:8366c5e31bbff65c0a6d1a0f10e84fba567797680c643b485b072691bc0908db
+types-passlib==1.7.6 \
+    --hash=sha256:5d84edb4398590030e3218b8918395fe4010cb6d7550a6ee94511470938f3e34 \
+    --hash=sha256:8056111211c917c83050a0e1a692f699896c2078d79fce9969c7373018a2183c
     # via -r requirements/lint.in
 types-psycopg2==2.9.16 \
     --hash=sha256:adf3be817cb82e17e6d36c4112718dbda38f98db291d736f022a1d89b53c832c \
@@ -233,9 +233,9 @@ types-stdlib-list==0.8.1 \
     --hash=sha256:1ba8c5ac639715bc3670da07e1679acbedc6834dd6caba5e6c7fb14aa468d5ed \
     --hash=sha256:f7fb88d8c602911256918ba8985ac9d9176ff4ca31d6138fedea1a5992b69645
     # via -r requirements/lint.in
-types-urllib3==1.26.15 \
-    --hash=sha256:6011befa13f901fc934f59bb1fd6973be6f3acf4ebfce427593a27e7f492918f \
-    --hash=sha256:c89283541ef92e344b7f59f83ea9b5a295b16366ceee3f25ecfc5593c79f794e
+types-urllib3==1.26.16 \
+    --hash=sha256:20588c285e5ca336d908d2705994830a83cfb6bda40fc356bbafaf430a262013 \
+    --hash=sha256:8bb3832c684c30cbed40b96e28bc04703becb2b97d82ac65ba4b968783453b0e
     # via types-requests
 typing-extensions==4.3.0 \
     --hash=sha256:25642c956049920a5aa49edcdd6ab1e06d7e5d467fc00e0506c44ac86fbfca02 \

requirements/main.in

@@ -26,6 +26,7 @@ kombu[sqs]~=5.2.4  # https://github.com/celery/celery/issues/7070
 mistune
 msgpack
 natsort
+orjson
 packaging>=15.2
 paginate>=0.5.2
 paginate_sqlalchemy

requirements/main.txt

@@ -80,15 +80,15 @@ bleach==5.0.1 \
     --hash=sha256:085f7f33c15bd408dd9b17a4ad77c577db66d76203e5984b1bd59baeee948b2a \
     --hash=sha256:0d03255c47eb9bd2f26aa9bb7f2107732e7e8fe195ca2f64709fcf3b0a4a085c
     # via readme-renderer
-boto3==1.24.22 \
-    --hash=sha256:67d404c643091d4aa37fc485193289ad859f1f65f94d0fa544e13bdd1d4187c1 \
-    --hash=sha256:c9a9f893561f64f5b81de197714ac4951251a328672a8dba28ad4c4a589c3adf
+boto3==1.24.25 \
+    --hash=sha256:453136cdfeccec5ac969e8b237916ef387cd6b150e38757b6c51cd4808c7969b \
+    --hash=sha256:7f2772aa9f8fef011ad1bf5e631365bfeda20952a75a9edead3f5396aa1e8565
     # via
     #   -r requirements/main.in
     #   kombu
-botocore==1.27.22 \
-    --hash=sha256:7145d9b7cae87999a9f074de700d02a1b3222ee7d1863aa631ff56c5fc868035 \
-    --hash=sha256:f57cb33446deef92e552b0be0e430d475c73cf64bc9e46cdb4783cdfe39cb6bb
+botocore==1.27.25 \
+    --hash=sha256:345616f51ee6c4f3edefa1623cf65a954ba21576371c153dfc2b8ed642870999 \
+    --hash=sha256:cc4f025dc7187797b6b7115274399612b3fe8e777150fc9df7e132bd9e90901c
     # via
     #   boto3
     #   s3transfer
@@ -216,9 +216,9 @@ cffi==1.15.1 \
     #   cmarkgfm
     #   cryptography
     #   pynacl
-charset-normalizer==2.0.12 \
-    --hash=sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597 \
-    --hash=sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df
+charset-normalizer==2.1.0 \
+    --hash=sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5 \
+    --hash=sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413
     # via requests
 click==8.1.3 \
     --hash=sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e \
@@ -830,6 +830,46 @@ natsort==8.1.0 \
     --hash=sha256:c7c1f3f27c375719a4dfcab353909fe39f26c2032a062a8c80cc844eaaca0445 \
     --hash=sha256:f59988d2f24e77b6b56f8a8f882d5df6b3b637e09e075abc67b486d59fba1a4b
     # via -r requirements/main.in
+orjson==3.7.7 \
+    --hash=sha256:0033c7279f0ffa2720d72a6234a1d22c86c13bf5217a99c5ba523a0aebb27b75 \
+    --hash=sha256:092fde5b1768ca68af0d3764746e93b4b7200050fdd9c1ea044fd106e2379951 \
+    --hash=sha256:2850cf49537c246000f5f89555d6fb7042bb4612214605a60bea89cbe0add213 \
+    --hash=sha256:2c43fd0317a7114e617f5b8aefd0d0a61b387927a1914b79ebd0d1235c658f5b \
+    --hash=sha256:313bcab8cd59d61e12bbf76a9b5f3eaf50848e3fb370a54f712ad3e3e0a48165 \
+    --hash=sha256:3e9b1f19b408199af4d4ad590f6935ba77342a3fe1d64cbbfe428025a03a2405 \
+    --hash=sha256:3f9fbf760c6612d08a4ea873e4fab1e657f826834deda58c2ba1406ef150b1b6 \
+    --hash=sha256:559f40a91bfde23137e107f2f8baaf0bef35e066d0b35dcf4e1dac8bc83a05b3 \
+    --hash=sha256:5c8141895c8b0a8b4d0bc1879d1c1e3ec3f7d7e29e0bd8a0146ef3f9cf13c325 \
+    --hash=sha256:5f20d0d48335262ca3695f98599446bf5ca8825193d1f4bf6eb08fb0c414befa \
+    --hash=sha256:5ff90b571023787dcbb504a1695ad137149df30d213128b1aa02fc82dd12a526 \
+    --hash=sha256:6340e57fece4fa0eebd1e5c48e2c844b329491d97bfe6843149eb45365ff837a \
+    --hash=sha256:657ce6d735dc3a6fba5043d831e769698db849915d581dd4d1e62fcc2eaed876 \
+    --hash=sha256:6a743e05de78758f9ff81a4e705e6226b06a5f8abba63b39cb0f56926c2045c5 \
+    --hash=sha256:6e5ea0fcf3452cd19ad34b37ca6279c4395b859c77fe1cf7e26d31a3e6ebafd5 \
+    --hash=sha256:6fbf29bb7897d345bd0120c466cd923c70a5d661144221457cbed637f4c93d1b \
+    --hash=sha256:70cffd48faafabdd7e42f35e38731c43200d525fdbabc587b1e2aa731d182f85 \
+    --hash=sha256:7f80825fa7a48c4abcd636d3c182a71ad1cb548db66b8aafad50dfd328c29ae0 \
+    --hash=sha256:891c0f2cb44beafa911cf7e15165dee8b8acaa5b48a75abaf37d529e1de68344 \
+    --hash=sha256:8c30ad18fad795690527b030cfed3e8402ebe3a15e7a1a779a00acc0b3587e89 \
+    --hash=sha256:8da26f1fd335e466e79779571326679b179bb7cf3cce9750bf9c1077e9298a6f \
+    --hash=sha256:9f7f420ab7efde90c7277e92dccf217b4bac628b044fdc857888cdba23126214 \
+    --hash=sha256:a34002a6b6eb105d3ac493368f0a8911ab8e5f005282d43cc75912bbbdf50734 \
+    --hash=sha256:aee6715db93b3d743adc69f55ed20df6a782b5e354d26a7817e507e2bd6d2231 \
+    --hash=sha256:b6a6d00e917e1844d3a9b6ed68d31f824d98e1e4a3578618dd146db58b5d901b \
+    --hash=sha256:ba48e06659c43ed6658f203893b74b4e8392231959bcb2421fdde39eca62520c \
+    --hash=sha256:c1e8489d50bb0cffb5ccb70c3459f79dee1aeb997abfd97751d3862b32bce412 \
+    --hash=sha256:ce3acc906a6aa7923bc7c78472196b2b7cf7c160aff01946984d51fcde9e9483 \
+    --hash=sha256:d8f1aa7fd08f001b5f13d0c8c862609bb7de7291b256630f97590eb7c78d2dda \
+    --hash=sha256:d9af18e8200b500585627414ec7b0806b5b569a318d6c84447afb02e7eae5bfa \
+    --hash=sha256:dbf716120886776706781c2c05ebbc254355e384bfe387b76ca07ee97da6fbfc \
+    --hash=sha256:e8bfad95df150d95ca67a4484d9f56e2bd0a932a5eb4635bbb5cd45130ca9251 \
+    --hash=sha256:ea0f6da9089e155acf234c0cd0883f84812547174be8d0fef478bce2b00bd6f9 \
+    --hash=sha256:ea3eaa8823bbbaae7af9669ca68b0e0bd794ee0938900d73f5f321fb13bb5ab5 \
+    --hash=sha256:ead2c1dce61c2e3bad31af48c2dccbbc23c55bbe70870af437203a7c4b229bae \
+    --hash=sha256:ee2cd3ac6283832d93085910df8367a469bd9dbfafeb8d4dc8c5cc8648bf965c \
+    --hash=sha256:f0c512efeee1fb94426b1e4c64f07c4af5eec08b96cf4835c3a05ad395e0b83a \
+    --hash=sha256:fa9451779dba8546962bc02ce2aeed9de6e069f7101f8db2784beaf71ede4dd0
+    # via -r requirements/main.in
 packaging==21.3 \
     --hash=sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb \
     --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522
@@ -1236,9 +1276,9 @@ typing-extensions==4.3.0 \
     # via
     #   limits
     #   pydantic
-urllib3==1.26.9 \
-    --hash=sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14 \
-    --hash=sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e
+urllib3==1.26.10 \
+    --hash=sha256:8298d6d56d39be0e3bc13c1c97d133f9b45d797169a0e11cdd0e0489d786f7ec \
+    --hash=sha256:879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6
     # via
     #   botocore
     #   elasticsearch

requirements/tests.txt

@@ -20,9 +20,9 @@ certifi==2022.6.15 \
     --hash=sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d \
     --hash=sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412
     # via requests
-charset-normalizer==2.0.12 \
-    --hash=sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597 \
-    --hash=sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df
+charset-normalizer==2.1.0 \
+    --hash=sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5 \
+    --hash=sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413
     # via requests
 coverage==6.4.1 \
     --hash=sha256:01c5615d13f3dd3aa8543afc069e5319cfa0c7d712f6e04b920431e5c564a749 \
@@ -71,9 +71,9 @@ factory-boy==3.2.1 \
     --hash=sha256:a98d277b0c047c75eb6e4ab8508a7f81fb03d2cb21986f627913546ef7a2a55e \
     --hash=sha256:eb02a7dd1b577ef606b75a253b9818e6f9eaf996d94449c9d5ebb124f90dc795
     # via -r requirements/tests.in
-faker==13.14.0 \
-    --hash=sha256:0297b7fc0f2458dfff8d5a92335c62fa25fb059f8cbaf7db580a0dd7177aff2e \
-    --hash=sha256:b9f93ec97a70da79d43f497aa7b2b7d2bcd5d0c6d3ab7c102dde4193d0a38351
+faker==13.15.0 \
+    --hash=sha256:8e94a749d2f3d9b367f61eb33be6a534f0a2d305c54e912ee6618370e3278db7 \
+    --hash=sha256:a126fa66f54e65a67f913dcc698c9d023def7277882536bde2968fcac701bfd5
     # via factory-boy
 freezegun==1.2.1 \
     --hash=sha256:15103a67dfa868ad809a8f508146e396be2995172d25f927e48ce51c0bf5cb09 \
@@ -194,9 +194,9 @@ tomli==2.0.1 \
     --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
     --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
     # via pytest
-urllib3==1.26.9 \
-    --hash=sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14 \
-    --hash=sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e
+urllib3==1.26.10 \
+    --hash=sha256:8298d6d56d39be0e3bc13c1c97d133f9b45d797169a0e11cdd0e0489d786f7ec \
+    --hash=sha256:879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6
     # via
     #   requests
     #   responses

tests/unit/test_config.py

@@ -14,6 +14,7 @@
 
 from unittest import mock
 
+import orjson
 import pretend
 import pytest
 
@@ -443,7 +444,10 @@ def __init__(self):
     ]
 
     assert json_renderer_cls.calls == [
-        pretend.call(sort_keys=True, separators=(",", ":"))
+        pretend.call(
+            serializer=orjson.dumps,
+            option=orjson.OPT_SORT_KEYS | orjson.OPT_APPEND_NEWLINE,
+        )
     ]
 
     assert xmlrpc_renderer_cls.calls == [pretend.call(allow_none=True)]

warehouse/config.py

@@ -15,6 +15,7 @@
 import os
 import shlex
 
+import orjson
 import transaction
 
 from pyramid import renderers
@@ -175,6 +176,7 @@ def configure(settings=None):
         default="https://api.github.com/meta/public_keys/token_scanning",
     )
     maybe_set(settings, "warehouse.trending_table", "WAREHOUSE_TRENDING_TABLE")
+    maybe_set(settings, "warehouse.downloads_table", "WAREHOUSE_DOWNLOADS_TABLE")
     maybe_set(settings, "celery.broker_url", "BROKER_URL")
     maybe_set(settings, "celery.result_url", "REDIS_URL")
     maybe_set(settings, "celery.scheduler_url", "REDIS_URL")
@@ -451,7 +453,13 @@ def configure(settings=None):
 
     # We want to configure our JSON renderer to sort the keys, and also to use
     # an ultra compact serialization format.
-    config.add_renderer("json", renderers.JSON(sort_keys=True, separators=(",", ":")))
+    config.add_renderer(
+        "json",
+        renderers.JSON(
+            serializer=orjson.dumps,
+            option=orjson.OPT_SORT_KEYS | orjson.OPT_APPEND_NEWLINE,
+        ),
+    )
 
     # Configure retry support.
     config.add_settings({"retry.attempts": 3})

warehouse/packaging/tasks.py

@@ -17,6 +17,7 @@
 import pip_api
 
 from google.cloud.bigquery import LoadJobConfig
+from packaging.utils import canonicalize_name
 
 from warehouse import tasks
 from warehouse.accounts.models import User, WebAuthn
@@ -64,11 +65,11 @@ def compute_2fa_mandate(request):
     )
     top_projects = set(row.get("project_name") for row in query.result())
 
-    project_names = our_dependencies | top_projects
+    project_names = {canonicalize_name(n) for n in our_dependencies | top_projects}
 
     # Get the projects that were not previously in the mandate
     new_projects = request.db.query(Project).filter(
-        Project.name.in_(project_names), Project.pypi_mandates_2fa.is_(False)
+        Project.normalized_name.in_(project_names), Project.pypi_mandates_2fa.is_(False)
     )
 
     # Get their maintainers

warehouse/templates/base.html

@@ -101,10 +101,10 @@
     <link rel="canonical" href="{% block canonical_url %}{% endblock %}">
     {% endif %}
 
-    <meta property="og:url" content="{% if request.matched_route %}{{ request.current_route_url() }}{% else %}{{ request.urll }}{% endif %}">
+    <meta property="og:url" content="{% if request.matched_route %}{{ request.current_route_url() }}{% else %}{{ request.url }}{% endif %}">
     <meta property="og:site_name" content="PyPI">
     <meta property="og:type" content="website">
-    <meta property="og:image" content="{{ request.static_url('warehouse:static/dist/images/twitter.jpg') }}">
+    <meta property="og:image" content="{% block image %}{{ request.static_url('warehouse:static/dist/images/twitter.jpg') }}{% endblock %}">
     <meta property="og:title" content="{{ self.title()|default('Python Package Index') }}">
     <meta property="og:description" content="{{ self.description() }}">
     {% block extra_meta %}{% endblock %}

warehouse/templates/email/two-factor-mandate/body.html

@@ -16,22 +16,22 @@
 
 {% block content %}
 <p>
-Congratulations! A project you ('{{ username }}') maintain has been designated as a critical project.
+A project you ('{{ username }}') maintain has been designated as a critical project on PyPI. You can see which project(s) has been designated at <a href="{{ request.route_url("manage.projects", _host="pypi.org") }}">{{ request.route_url("manage.projects", _host="pypi.org") }}</a>.
 </p>
 
 <p>
-As part of this effort, in the coming months maintainers of projects designated as critical will be required to enable two-factor authentication on their account in order to add new releases or otherwise modify a critical project.
+As part of this effort, in the coming months maintainers of projects designated as critical, like yourself, will be required to enable two-factor authentication on their account in order to add new releases or otherwise modify a critical project.
 </p>
 
 <p>
 {% if has_two_factor %}
 Since you already have two-factor authentication enabled on your account, there's nothing you need to do at this time.
 {% else %}
-You can enable two-factor authenticaion on your account today by visiting <a href="{{ request.route_url("accounts.two-factor") }}">{{ request.route_url("accounts.two-factor") }}</a>.
+You can enable two-factor authentication on your account today by visiting <a href="{{ request.route_url("manage.account.two-factor", _host="pypi.org") }}">{{ request.route_url("manage.account.two-factor", _host="pypi.org") }}</a>.
 {% endif %}
 </p>
 
 <p>
-PS: To make it easier for maintainers like you to enable two-factor authentication, we're also distributing security keys to eligible maintainers. See <a href="{{ request.route_url("security-key-giveaway") }}">{{ request.route_url("security-key-giveaway") }}</a> for more details.
+PS: To make it easier for maintainers like you to enable two-factor authentication, we're also distributing security keys to eligible maintainers. See <a href="{{ request.route_url("security-key-giveaway", _host="pypi.org") }}">{{ request.route_url("security-key-giveaway", _host="pypi.org") }}</a> for more details.
 </p>
 {% endblock %}

warehouse/templates/email/two-factor-mandate/body.txt

@@ -14,16 +14,16 @@
 {% extends "email/_base/body.txt" %}
 
 {% block content %}
-Congratulations! A project you ('{{ username }}') maintain has been designated as a critical project.
+A project you ('{{ username }}') maintain has been designated as a critical project on PyPI. You can see which project(s) has been designated at {{ request.route_url("manage.projects", _host="pypi.org") }}.
 
-As part of this effort, in the coming months maintainers of projects designated as critical will be required to enable two-factor authentication on their account in order to add new releases or otherwise modify a critical project.
+As part of this effort, in the coming months maintainers of projects designated as critical, like yourself, will be required to enable two-factor authentication on their account in order to add new releases or otherwise modify a critical project.
 
 {% if has_two_factor -%}
 Since you already have two-factor authentication enabled on your account, there's nothing you need to do at this time.
 {%- else -%}
-You can enable two-factor authenticaion on your account today by visiting {{ request.route_url("accounts.two-factor") }}.
+You can enable two-factor authentication on your account today by visiting {{ request.route_url("manage.account.two-factor", _host="pypi.org") }}.
 {%- endif %}
 
-PS: To make it easier for maintainers like you to enable two-factor authentication, we're also distributing security keys to eligible maintainers. See {{ request.route_url("security-key-giveaway") }} for more details.
+PS: To make it easier for maintainers like you to enable two-factor authentication, we're also distributing security keys to eligible maintainers. See {{ request.route_url("security-key-giveaway", _host="pypi.org") }} for more details.
 
 {% endblock %}

warehouse/templates/packaging/detail.html

@@ -27,7 +27,7 @@
   {% set icon = "fas fa-book" %}
 {% elif name.lower().startswith(("bug", "issue", "tracker", "report")) %}
   {% set icon = "fas fa-bug" %}
-{% elif name.lower().startswith(("funding", "donate", "donation")) %}
+{% elif name.lower().startswith(("funding", "donate", "donation", "sponsor")) %}
   {% set icon = "fas fa-donate" %}
 {% elif parsed.netloc in ["github.com", "github.io"] or parsed.netloc.endswith((".github.com", ".github.io")) %}
   {% set icon = "fab fa-github" %}