test(python): Upgrade markupsafe to version 1.1.0

When Python inspector 0.9.8 and above analyzes a project containing `markupsafe` version 1.0.0 as dependency (with option `--analyze-setup-py-insecurely`), then it crashes for unknown reason, see also [1]. Upgrading `markupsafe` to 1.1.0 works around that issue. Do so, in order to prepare for upgrading Python inspector. [1] aboutcode-org/python-inspector#133 Signed-off-by: Frank Viernau <[email protected]>
oss-review-toolkit · Nov 1, 2023 · 9da44a3 · 9da44a3
1 parent d0efc19
commit 9da44a3
Show file tree

Hide file tree

Showing 8 changed files with 57 additions and 30 deletions.
diff --git a/...ins/package-managers/python/src/funTest/assets/projects/synthetic/pip-expected-output.yml b/...ins/package-managers/python/src/funTest/assets/projects/synthetic/pip-expected-output.yml
@@ -28,7 +28,7 @@ project:
       - id: "PyPI::itsdangerous:0.24"
       - id: "PyPI::jinja2:2.11.3"
         dependencies:
-        - id: "PyPI::markupsafe:1.0"
+        - id: "PyPI::markupsafe:1.1.0"
       - id: "PyPI::werkzeug:0.15.3"
 packages:
 - id: "PyPI::click:6.7"
@@ -161,8 +161,8 @@ packages:
     url: "https://github.com/pallets/jinja.git"
     revision: ""
     path: ""
-- id: "PyPI::markupsafe:1.0"
-  purl: "pkg:pypi/[email protected]"
+- id: "PyPI::markupsafe:1.1.0"
+  purl: "pkg:pypi/markupsafe@1.1.0"
   authors:
   - "Armin Ronacher <[email protected]>"
   declared_licenses:
@@ -173,17 +173,17 @@ packages:
     mapped:
       BSD: "BSD-3-Clause"
       BSD License: "BSD-3-Clause"
-  description: "Implements a XML/HTML/XHTML Markup safe string for Python"
-  homepage_url: "http://github.com/pallets/markupsafe"
+  description: "Safely add untrusted strings to HTML/XML markup."
+  homepage_url: "https://www.palletsprojects.com/p/markupsafe/"
   binary_artifact:
-    url: ""
+    url: "https://files.pythonhosted.org/packages/94/7a/34f53c66e0f9070b273c083d674581158426f2670cfd03f07fec375f0325/MarkupSafe-1.1.0-cp27-cp27m-manylinux1_x86_64.whl"
     hash:
-      value: ""
-      algorithm: ""
+      value: "525396ee324ee2da82919f2ee9c9e73b012f23e7640131dd1b53a90206a0f09c"
+      algorithm: "SHA-256"
   source_artifact:
-    url: "https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz"
+    url: "https://files.pythonhosted.org/packages/ac/7e/1b4c2e05809a4414ebce0892fe1e32c14ace86ca7d50c70f00979ca9b3a3/MarkupSafe-1.1.0.tar.gz"
     hash:
-      value: "a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
+      value: "4e97332c9ce444b0c2c38dd22ddc61c743eb208d916e4265a2a3b575bdccb1d3"
       algorithm: "SHA-256"
   vcs:
     type: ""

diff --git a/plugins/package-managers/python/src/funTest/assets/projects/synthetic/pip/requirements.txt b/plugins/package-managers/python/src/funTest/assets/projects/synthetic/pip/requirements.txt
@@ -2,5 +2,5 @@ click==6.7
 Flask==1.0
 itsdangerous==0.24
 Jinja2==2.11.3
-MarkupSafe==1.0
+MarkupSafe==1.1.0
 Werkzeug==0.15.3
diff --git a/.../package-managers/python/src/funTest/assets/projects/synthetic/pipenv-expected-output.yml b/.../package-managers/python/src/funTest/assets/projects/synthetic/pipenv-expected-output.yml
@@ -24,7 +24,7 @@ project:
       - id: "PyPI::itsdangerous:0.24"
       - id: "PyPI::jinja2:2.10.1"
         dependencies:
-        - id: "PyPI::markupsafe:1.0"
+        - id: "PyPI::markupsafe:1.1.0"
       - id: "PyPI::werkzeug:0.15.3"
 packages:
 - id: "PyPI::click:6.7"
@@ -159,8 +159,8 @@ packages:
     url: ""
     revision: ""
     path: ""
-- id: "PyPI::markupsafe:1.0"
-  purl: "pkg:pypi/[email protected]"
+- id: "PyPI::markupsafe:1.1.0"
+  purl: "pkg:pypi/markupsafe@1.1.0"
   authors:
   - "Armin Ronacher <[email protected]>"
   declared_licenses:
@@ -171,17 +171,17 @@ packages:
     mapped:
       BSD: "BSD-3-Clause"
       BSD License: "BSD-3-Clause"
-  description: "Implements a XML/HTML/XHTML Markup safe string for Python"
-  homepage_url: "http://github.com/pallets/markupsafe"
+  description: "Safely add untrusted strings to HTML/XML markup."
+  homepage_url: "https://www.palletsprojects.com/p/markupsafe/"
   binary_artifact:
     url: ""
     hash:
       value: ""
       algorithm: ""
   source_artifact:
-    url: "https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz"
+    url: "https://files.pythonhosted.org/packages/ac/7e/1b4c2e05809a4414ebce0892fe1e32c14ace86ca7d50c70f00979ca9b3a3/MarkupSafe-1.1.0.tar.gz"
     hash:
-      value: "a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
+      value: "4e97332c9ce444b0c2c38dd22ddc61c743eb208d916e4265a2a3b575bdccb1d3"
       algorithm: "SHA-256"
   vcs:
     type: ""

diff --git a/plugins/package-managers/python/src/funTest/assets/projects/synthetic/pipenv/Pipfile b/plugins/package-managers/python/src/funTest/assets/projects/synthetic/pipenv/Pipfile
@@ -10,7 +10,7 @@ click = "==6.7"
 itsdangerous = "==0.24"
 Flask = "==1.0"
 Jinja2 = "==2.10.1"
-MarkupSafe = "==1.0"
+MarkupSafe = "==1.1.0"
 Werkzeug = "==0.15.3"
 
 [requires]

diff --git a/plugins/package-managers/python/src/funTest/assets/projects/synthetic/pipenv/Pipfile.lock b/plugins/package-managers/python/src/funTest/assets/projects/synthetic/pipenv/Pipfile.lock
diff --git a/...anagers/python/src/funTest/assets/projects/synthetic/python-inspector-expected-output.yml b/...anagers/python/src/funTest/assets/projects/synthetic/python-inspector-expected-output.yml
@@ -24,7 +24,7 @@ project:
       - id: "PyPI::itsdangerous:0.24"
       - id: "PyPI::jinja2:2.11.3"
         dependencies:
-        - id: "PyPI::markupsafe:1.0"
+        - id: "PyPI::markupsafe:1.1.0"
       - id: "PyPI::werkzeug:0.15.3"
 packages:
 - id: "PyPI::click:6.7"
@@ -157,8 +157,8 @@ packages:
     url: "https://github.com/pallets/jinja.git"
     revision: ""
     path: ""
-- id: "PyPI::markupsafe:1.0"
-  purl: "pkg:pypi/[email protected]"
+- id: "PyPI::markupsafe:1.1.0"
+  purl: "pkg:pypi/markupsafe@1.1.0"
   authors:
   - "Armin Ronacher <[email protected]>"
   declared_licenses:
@@ -169,17 +169,17 @@ packages:
     mapped:
       BSD: "BSD-3-Clause"
       BSD License: "BSD-3-Clause"
-  description: "Implements a XML/HTML/XHTML Markup safe string for Python"
-  homepage_url: "http://github.com/pallets/markupsafe"
+  description: "Safely add untrusted strings to HTML/XML markup."
+  homepage_url: "https://www.palletsprojects.com/p/markupsafe/"
   binary_artifact:
     url: ""
     hash:
       value: ""
       algorithm: ""
   source_artifact:
-    url: "https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz"
+    url: "https://files.pythonhosted.org/packages/ac/7e/1b4c2e05809a4414ebce0892fe1e32c14ace86ca7d50c70f00979ca9b3a3/MarkupSafe-1.1.0.tar.gz"
     hash:
-      value: "a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
+      value: "4e97332c9ce444b0c2c38dd22ddc61c743eb208d916e4265a2a3b575bdccb1d3"
       algorithm: "SHA-256"
   vcs:
     type: ""

diff --git a/...e-managers/python/src/funTest/assets/projects/synthetic/python-inspector/requirements.txt b/...e-managers/python/src/funTest/assets/projects/synthetic/python-inspector/requirements.txt
@@ -3,5 +3,5 @@ Flask==1.0
 itsdangerous<0.25
 license-expression ; platform_system == "Windows"
 Jinja2==2.11.3
-MarkupSafe==1.0
+MarkupSafe==1.1.0
 Werkzeug==0.15.3
diff --git a/plugins/package-managers/python/src/funTest/kotlin/utils/PythonInspectorFunTest.kt b/plugins/package-managers/python/src/funTest/kotlin/utils/PythonInspectorFunTest.kt
@@ -46,6 +46,6 @@ class PythonInspectorFunTest : StringSpec({
 
         result.projects should haveSize(2)
         result.resolvedDependenciesGraph should haveSize(1)
-        result.packages should haveSize(10)
+        result.packages should haveSize(11)
     }
 })