From eb0660a55afff14d77b4fa6b2b54498a0e6388e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Behmo?=
Date: Fri, 7 Jun 2024 11:32:11 +0200
Subject: [PATCH] chore: upgrade jinja2,black,requests,idna,cryptography

Address several security issues raised by Dependabot.
---
 docs/_ext/tutordocs.py | 1 +
 requirements/base.txt | 6 +++---
 requirements/dev.txt | 10 +++++-----
 requirements/docs.txt | 6 +++---
 tutor/commands/jobs.py | 1 +
 tutor/env.py | 2 +-
 tutor/hooks/__init__.py | 2 +-
 tutor/hooks/catalog.py | 7 ++++---
 tutor/plugins/__init__.py | 1 +
 9 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/docs/_ext/tutordocs.py b/docs/_ext/tutordocs.py
index 8c9ea3e897..eb8758770b 100644
--- a/docs/_ext/tutordocs.py
+++ b/docs/_ext/tutordocs.py
@@ -2,6 +2,7 @@
 This module is heavily inspired by Django's djangodocs.py:
 https://github.com/django/django/blob/main/docs/_ext/djangodocs.py
 """
+
 from sphinx.application import Sphinx
 
 
diff --git a/requirements/base.txt b/requirements/base.txt
index 37cdb88c81..bc3d09d181 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -18,13 +18,13 @@ click==8.1.7
 # via -r requirements/base.in
 google-auth==2.23.3
 # via kubernetes
-idna==3.4
+idna==3.7
 # via requests
 importlib-metadata==7.0.1
 # via -r requirements/base.in
 importlib-resources==6.1.1
 # via -r requirements/base.in
-jinja2==3.1.3
+jinja2==3.1.4
 # via -r requirements/base.in
 kubernetes==28.1.0
 # via -r requirements/base.in
@@ -52,7 +52,7 @@ pyyaml==6.0.1
 # via
 # -r requirements/base.in
 # kubernetes
-requests==2.31.0
+requests==2.32.3
 # via
 # kubernetes
 # requests-oauthlib
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 4602d174a6..0562fc78fe 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -12,7 +12,7 @@ astroid==3.0.1
 # via pylint
 attrs==23.1.0
 # via scriv
-black==23.10.1
+black==24.4.2
 # via -r requirements/dev.in
 build==1.0.3
 # via pip-tools
@@ -42,7 +42,7 @@ click-log==0.4.0
 # via scriv
 coverage==7.3.2
 # via -r requirements/dev.in
-cryptography==42.0.3
+cryptography==42.0.8
 # via secretstorage
 dill==0.3.7
 # via pylint
@@ -54,7 +54,7 @@ google-auth==2.23.3
 # via
 # -r requirements/base.txt
 # kubernetes
-idna==3.4
+idna==3.7
 # via
 # -r requirements/base.txt
 # requests
@@ -77,7 +77,7 @@ jeepney==0.8.0
 # via
 # keyring
 # secretstorage
-jinja2==3.1.3
+jinja2==3.1.4
 # via
 # -r requirements/base.txt
 # scriv
@@ -163,7 +163,7 @@ pyyaml==6.0.1
 # kubernetes
 readme-renderer==42.0
 # via twine
-requests==2.31.0
+requests==2.32.3
 # via
 # -r requirements/base.txt
 # kubernetes
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 4ca558d51d..11432d94e2 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -36,7 +36,7 @@ google-auth==2.23.3
 # via
 # -r requirements/base.txt
 # kubernetes
-idna==3.4
+idna==3.7
 # via
 # -r requirements/base.txt
 # requests
@@ -48,7 +48,7 @@ importlib-metadata==7.0.1
 # sphinx
 importlib-resources==6.1.1
 # via -r requirements/base.txt
-jinja2==3.1.3
+jinja2==3.1.4
 # via
 # -r requirements/base.txt
 # sphinx
@@ -94,7 +94,7 @@ pyyaml==6.0.1
 # via
 # -r requirements/base.txt
 # kubernetes
-requests==2.31.0
+requests==2.32.3
 # via
 # -r requirements/base.txt
 # kubernetes
diff --git a/tutor/commands/jobs.py b/tutor/commands/jobs.py
index 3d8e845ae5..93a10e5493 100644
--- a/tutor/commands/jobs.py
+++ b/tutor/commands/jobs.py
@@ -1,6 +1,7 @@
 """
 Common jobs that must be added both to local, dev and k8s commands.
 """
+
 from __future__ import annotations
 
 import functools
diff --git a/tutor/env.py b/tutor/env.py
index 9d71447214..6f150fd792 100644
--- a/tutor/env.py
+++ b/tutor/env.py
@@ -6,8 +6,8 @@
 import typing as t
 from copy import deepcopy
 
-import jinja2
 import importlib_resources
+import jinja2
 
 from tutor import exceptions, fmt, hooks, plugins, utils
 from tutor.__about__ import __app__, __version__
diff --git a/tutor/hooks/__init__.py b/tutor/hooks/__init__.py
index d075ab473c..485b0c1eb8 100644
--- a/tutor/hooks/__init__.py
+++ b/tutor/hooks/__init__.py
@@ -1,8 +1,8 @@
 # The Tutor plugin system is licensed under the terms of the Apache 2.0 license.
 __license__ = "Apache 2.0"
 
-import typing as t
 import functools
+import typing as t
 
 from typing_extensions import ParamSpec
 
diff --git a/tutor/hooks/catalog.py b/tutor/hooks/catalog.py
index 60ec819d26..8953f9f57f 100644
--- a/tutor/hooks/catalog.py
+++ b/tutor/hooks/catalog.py
@@ -2,6 +2,7 @@
 List of all the action, filter and context names used across Tutor. This module is used
 to generate part of the reference documentation.
 """
+
 from __future__ import annotations
 
 # The Tutor plugin system is licensed under the terms of the Apache 2.0 license.
@@ -197,9 +198,9 @@ def your_filter_callback(some_data):
 #: added as subcommands to the ``local/dev/k8s do`` commands. They must return a list of
 #: ("service name", "service command") tuples. Each "service command" will be executed
 #: in the "service" container, both in local, dev and k8s mode.
- CLI_DO_COMMANDS: Filter[
- list[Callable[[Any], Iterable[tuple[str, str]]]], []
- ] = Filter()
+ CLI_DO_COMMANDS: Filter[list[Callable[[Any], Iterable[tuple[str, str]]]], []] = (
+ Filter()
+ )
 
 #: List of initialization tasks (scripts) to be run in the ``init`` job. This job
 #: includes all database migrations, setting up, etc. To run some tasks before or
diff --git a/tutor/plugins/__init__.py b/tutor/plugins/__init__.py
index 360e9fba25..5771c4d00d 100644
--- a/tutor/plugins/__init__.py
+++ b/tutor/plugins/__init__.py
@@ -1,6 +1,7 @@
 """
 Provide API for plugin features.
 """
+
 from __future__ import annotations
 
 import functools