You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Message from @rduivenvoorde on the commnunity mailinglist:
On the QGIS-Documentation repository I got a message from github,
telling us we use a component with a security issue ("moderate
severity")in it, pointing to:
It's about the used python requests-module, and tells us:
Upgrade requests to version 2.20.0 or later.
Apparently, we use an older version-nr in our REQUIREMENTS.txt.
Please remind me to do this, or can somebody else try/test.
I changed the requests version to 2.20 in the requirements.txt file and updated my virtualenv to reflect that.
I was able to build html (english only).
I also tried the docker image and everything built without issues, but I am not sure if the requirements are taken in consideration in the docker build (probably not)
I was not able to build any PDF, not sure If I am missing some piece, but I always get the following:
(---)
copying TeX support files...
done
build succeeded, 1 warning.
# Compile the pdf docs for that locale
# we use texi2pdf since latexpdf target is not available via
# sphinx-build which we need to use since we need to pass language flag
mkdir -p output/pdf/en
# need to build 3x to have proper toc and index
# currently texi2pdf has bad exit status. Please ignore errors!!
# prepending the texi2pdf command with - keeps make going instead of quitting
# japanese pdf has problems, when build with texi2pdf
# as alternative we can use platex
# for russian pdf you need package 'texlive-lang-cyrillic' installed
# for japanese pdf you need: 'cmap-adobe-japan1 cmap-adobe-japan2 latex-cjk-all nkf okumura-clsfiles ptex-base ptex-bin texlive-fonts-extra'
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
make: [pdf] Error 1 (ignored)
Makefile:83: recipe for target 'pdf' failed
mv output/latex/en/QGISUserGuide.pdf output/pdf/en/QGIS-testing-UserGuide.pdf
# pyqgis developer cookbook
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
/usr/bin/texi2dvi: pdflatex exited with bad status, quitting.
make: [pdf] Error 1 (ignored)
Makefile:83: recipe for target 'pdf' failed
mv output/latex/en/PyQGISDeveloperCookbook.pdf output/pdf/en/QGIS-testing-PyQGISDeveloperCookbook.pdf
# training manual
mv output/latex/en/QGISTrainingManual.pdf output/pdf/en/QGIS-testing-QGISTrainingManual.pdf
# developer guidelines
mv output/latex/en/QGISDevelopersGuide.pdf output/pdf/en/QGIS-testing-QGISDevelopersGuide.pdf
Description
Message from @rduivenvoorde on the commnunity mailinglist:
On the QGIS-Documentation repository I got a message from github,
telling us we use a component with a security issue ("moderate
severity")in it, pointing to:
https://github.com/qgis/QGIS-Documentation/network/alert/REQUIREMENTS.txt/requests/open
Pointing to
https://nvd.nist.gov/vuln/detail/CVE-2018-18074
It's about the used python requests-module, and tells us:
Upgrade requests to version 2.20.0 or later.
Apparently, we use an older version-nr in our REQUIREMENTS.txt.
Please remind me to do this, or can somebody else try/test.
Checklist
If it's related to QGIS application or website, please refer to http://qgis.org/en/site/getinvolved/development/bugreporting.html
for the right issue tracker or to the support channels
The text was updated successfully, but these errors were encountered: