Merge commit from fork

* security: set 600 permissions on auth token cache file

https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599

* Update spotipy/cache_handler.py

Co-authored-by: Niko <github@dieserniko.link>

* add newline back in

---------

Co-authored-by: Niko <github@dieserniko.link>

CHANGELOG.md

@@ -19,6 +19,7 @@ Add your changes below.
 
 - Fixed scripts in examples directory that didn't run correctly
 - Updated documentation for `Client.current_user_top_artists` to indicate maximum number of artists limit
+- Set auth cache file permissions to `600`: https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599
 
 ### Changed
 

spotipy/cache_handler.py

@@ -94,8 +94,12 @@ class CacheFileHandler(CacheHandler):
         try:
             with open(self.cache_path, "w", encoding='utf-8') as f:
                 f.write(json.dumps(token_info, cls=self.encoder_cls))
+            # https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599
+            os.chmod(self.cache_path, 0o600)
         except OSError:
             logger.warning(f"Couldn't write token to cache at: {self.cache_path}")
+        except FileNotFoundError:
+            logger.warning(f"Couldn't set permissions to cache file at: {self.cache_path}")
 
 
 class MemoryCacheHandler(CacheHandler):