From c1cbf15bb3dafff6ae2daffe10b22896c6009be9 Mon Sep 17 00:00:00 2001
From: Jiangge Zhang
Date: Thu, 1 Nov 2018 15:27:03 +0800
Subject: [PATCH 1/5] Upgrade requests to 2.20.0 for CVE-2018-18074 https://nvd.nist.gov/vuln/detail/CVE-2018-18074
---
 docs/requirements-dev.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/docs/requirements-dev.txt b/docs/requirements-dev.txt
index 9acfcd2..007edad 100644
--- a/docs/requirements-dev.txt
+++ b/docs/requirements-dev.txt
@@ -1,8 +1,7 @@
-backports.ssl-match-hostname==3.4.0.2
 docker-py==0.7.1
 Flask==0.10.1
 itsdangerous==0.24
-requests==2.4.3
+requests==2.20.0
 six==1.9.0
 websocket-client==0.23.0
 Werkzeug==0.10
From e414a9bcb05fe53917b4c5ef8f7af4cb2c63d6ed Mon Sep 17 00:00:00 2001
From: Jiangge Zhang
Date: Thu, 1 Nov 2018 15:30:17 +0800
Subject: [PATCH 2/5] Upgrade flask to 0.12.3+ for CVE-2018-1000656 https://nvd.nist.gov/vuln/detail/CVE-2018-1000656
---
 docs/requirements-dev.txt | 2 +-
 setup.cfg | 9 +++++----
 tests/{__init__.py => conftest.py} | 0
 tests/test_factory.py | 4 ++--
 tox.ini | 8 +++++++-
 5 files changed, 15 insertions(+), 8 deletions(-)
 rename tests/{__init__.py => conftest.py} (100%)
diff --git a/docs/requirements-dev.txt b/docs/requirements-dev.txt
index 007edad..14dead8 100644
--- a/docs/requirements-dev.txt
+++ b/docs/requirements-dev.txt
@@ -1,5 +1,5 @@
 docker-py==0.7.1
-Flask==0.10.1
+Flask==0.12.4
 itsdangerous==0.24
 requests==2.20.0
 six==1.9.0
diff --git a/setup.cfg b/setup.cfg
index df75c2a..5577963 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,7 @@
-[pytest]
-addopts = --pep8 --cov flask_docker.py
-pep8ignore =
- docs/conf.py ALL
 [bdist_wheel]
 universal = 1
+
+[tool:pytest]
+addopts = --pep8 --cov flask_docker
+pep8ignore =
+ docs/conf.py ALL
diff --git a/tests/__init__.py b/tests/conftest.py
similarity index 100%
rename from tests/__init__.py
rename to tests/conftest.py
diff --git a/tests/test_factory.py b/tests/test_factory.py
index 30f22f2..02a07b1 100644
--- a/tests/test_factory.py
+++ b/tests/test_factory.py
@@ -32,11 +32,11 @@ def test_out_of_context():
 # but if we...
 with raises(RuntimeError) as error:
 docker.app.name
- assert error.value.args[0] == 'working outside of application context'
+ assert 'outside of application context' in error.value.args[0]
 with raises(RuntimeError) as error:
 docker.client
- assert error.value.args[0] == 'working outside of application context'
+ assert 'outside of application context' in error.value.args[0]
 def test_url_missing(app):
diff --git a/tox.ini b/tox.ini
index 44b8b48..eeff26f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,11 @@
 [tox]
-envlist = py27,py33,py34,pypy,docs
+envlist = py27,py34,py35,py36,py37,pypy,docs
+
 [testenv]
+# Fit for the bad design of Python 3.x
+setenv =
+ LC_ALL=C.UTF-8
+ LANG=C.UTF-8
 deps =
 setuptools>=12.0
 pytest
@@ -10,6 +15,7 @@ deps =
 responses
 commands =
 py.test
+
 [testenv:docs]
 changedir = docs
 deps =
From d198fd881064e71ac0d8453a410ea87da6fba16a Mon Sep 17 00:00:00 2001
From: Jiangge Zhang
Date: Sun, 4 Nov 2018 16:42:27 +0800
Subject: [PATCH 3/5] Test on modern Python 3
---
 .travis.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index b095706..b95e225 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,8 +1,10 @@
 language: python
 python:
 - "2.7"
- - "3.3"
 - "3.4"
+ - "3.5"
+ - "3.6"
+ - "3.7"
 - "pypy"
 install:
 - "pip install -U setuptools pip"
From 125d5cf3189668239384e68fce00ea3fe75a8c8d Mon Sep 17 00:00:00 2001
From: Jiangge Zhang
Date: Sun, 4 Nov 2018 16:46:59 +0800
Subject: [PATCH 4/5] Unfortunately Travis CI is not ready for 3.7-dev
---
 .travis.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index b95e225..5317be4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,6 @@ python:
 - "3.4"
 - "3.5"
 - "3.6"
- - "3.7"
 - "pypy"
 install:
 - "pip install -U setuptools pip"
From 42d903cd2b0dd697182167424fa6942b1463a960 Mon Sep 17 00:00:00 2001
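Review bot: The comment added above `setenv` in the first tox.ini hunk of patch 2/5 (`# Fit for the bad design of Python 3.x`) does not say what fails without the locale, so a later maintainer cannot tell when the override is safe to drop. A comment naming the reason would serve better, for example `# Python 3 needs a UTF-8 locale here; under the default C/POSIX locale <failing step> errors out`, with the failing step filled in, since it is not visible in this patch. `C.UTF-8` is also not a locale every platform provides (some older distributions do not ship it), so tox runs on such hosts may fall back to a different encoding than intended. This hunk also adds `py37` to `envlist`, while patch 4/5 removes 3.7 from .travis.yml, so the two interpreter lists now disagree.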
From: Jiangge Zhang
Date: Fri, 19 Apr 2019 15:43:36 +0800
Subject: [PATCH 5/5] Upgrade document dependencies for vulnerabilities
---
 docs/requirements-dev.txt | 7 -------
 docs/requirements.in | 4 ++++
 docs/requirements.txt | 16 +++++++++++-----
 3 files changed, 15 insertions(+), 12 deletions(-)
 delete mode 100644 docs/requirements-dev.txt
 create mode 100644 docs/requirements.in
diff --git a/docs/requirements-dev.txt b/docs/requirements-dev.txt
deleted file mode 100644
index 14dead8..0000000
--- a/docs/requirements-dev.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-docker-py==0.7.1
-Flask==0.12.4
-itsdangerous==0.24
-requests==2.20.0
-six==1.9.0
-websocket-client==0.23.0
-Werkzeug==0.10
diff --git a/docs/requirements.in b/docs/requirements.in
new file mode 100644
index 0000000..80806ad
--- /dev/null
+++ b/docs/requirements.in
@@ -0,0 +1,4 @@
+sphinx
+sphinx-kr-theme
+
+jinja2>=2.8.1 # CVE-2016-10745 and CVE-2019-10906
diff --git a/docs/requirements.txt b/docs/requirements.txt
index d48bc42..b7b8198 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,6 +1,12 @@
-docutils==0.12
-Jinja2==2.7.3
-MarkupSafe==0.23
-Pygments==2.0.2
-Sphinx==1.2.3
+#
+# This file is autogenerated by pip-compile
+# To update, run:
+#
+# pip-compile requirements.in
+#
+docutils==0.12 # via sphinx
+jinja2==2.10.1
+markupsafe==0.23 # via jinja2
+pygments==2.0.2 # via sphinx
 sphinx-kr-theme==0.2.1
+sphinx==1.2.3
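Review bot: The lower bound in the new docs/requirements.in, `jinja2>=2.8.1 # CVE-2016-10745 and CVE-2019-10906`, does not cover both CVEs its comment names. 2.8.1 is the release that fixed CVE-2016-10745, but CVE-2019-10906 was fixed in 2.10.1, so the constraint still admits releases affected by the second one. The compiled docs/requirements.txt in this patch pins `jinja2==2.10.1`, so the current lock is fine. The `.in` file is what records the minimum safe version for anyone who installs from it directly or re-resolves under other constraints. Raising the bound to `jinja2>=2.10.1  # CVE-2016-10745 and CVE-2019-10906` makes the constraint agree with the comment.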