From 4719ec7d4aed914a23074d78897f9a7c8a057c13 Mon Sep 17 00:00:00 2001
From: Conor Schaefer
Date: Thu, 15 Oct 2020 08:15:30 -0700
Subject: [PATCH 1/2] Updates pip dependencies

Specifically, addresses safety id 38834, affecting urllib3 <1.25.9.
---
 requirements.in | 1 +
 requirements.txt | 14 +++++++-------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/requirements.in b/requirements.in
index cacdf6a..f5771fb 100644
--- a/requirements.in
+++ b/requirements.in
@@ -3,3 +3,4 @@ docker>=3.5.1
 molecule
 pip-tools
 requests>=2.21.0
+urllib3>1.25.9
diff --git a/requirements.txt b/requirements.txt
index c817aa7..95cbad5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -395,10 +395,10 @@ tree-format==0.1.2 \
 --hash=sha256:a538523aa78ae7a4b10003b04f3e1b37708e0e089d99c9d3b9e1c71384c9a7f9 \
 --hash=sha256:b5056228dbedde1fb81b79f71fb0c23c98e9d365230df9b29af76e8d8003de11 \
 # via molecule
-urllib3==1.25.8 \
- --hash=sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc \
- --hash=sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc \
- # via requests
+urllib3==1.25.10 \
+ --hash=sha256:91056c15fa70756691db97756772bb1eb9678fa585d9184f24534b100dc60f4a \
+ --hash=sha256:e7983572181f5e1522d9c98453462384ee92a0be7fac5f1413a1e35c56cc0461 \
+ # via -r requirements.in, requests
 virtualenv==16.7.7 \
 --hash=sha256:11cb4608930d5fd3afb545ecf8db83fa50e1f96fc4fca80c94b07d2c83146589 \
 --hash=sha256:d257bb3773e48cac60e475a19b608996c73f4d333b3ba2e4e57d5ac6134e0136 \
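Review bot: The new floor `urllib3>1.25.9` in requirements.in excludes 1.25.9 itself, although the commit message says the advisory (safety id 38834) affects urllib3 <1.25.9, so 1.25.9 is already outside the affected range; `urllib3>=1.25.9` states the actual boundary. The lock resolves to 1.25.10 either way, so this only concerns the constraint recording the right minimum. Because urllib3 was previously pulled in only through requests (the old lock entry reads `# via requests`), a comment above the new line such as `# security floor for a transitive dependency of requests (safety id 38834)` would keep a later cleanup from dropping it as an unused direct dependency.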
@@ -425,7 +425,7 @@ zipp==0.6.0 \
 # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==46.1.3 \
- --hash=sha256:4fe404eec2738c20ab5841fa2d791902d2a645f32318a7850ef26f8d7215a8ee \
- --hash=sha256:795e0475ba6cd7fa082b1ee6e90d552209995627a2a227a47c6ea93282f4bfb1 \
+setuptools==50.3.1 \
+ --hash=sha256:0e9772768fa6e9d3cf818a3e6e24dd2236f319d2c478312995edcb30ddeb8343 \
+ --hash=sha256:8d057d7a928a82cdc985654355fc9e5431def7b6bdfc9e0f32d1e388a63c8ec6 \
 # via ansible, pytest

From 16c8d42c350ce37e8a411315f123f21cc618cbbe Mon Sep 17 00:00:00 2001
From: mickael e
Date: Thu, 22 Oct 2020 11:35:59 -0400
Subject: [PATCH 2/2] Pin pip-tools to > 5.0.0

In order for pip-compile to work, as suggested by @zenmonkeykstop
---
 requirements.in | 2 +-
 requirements.txt | 16 ++++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/requirements.in b/requirements.in
index f5771fb..706a2b9 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,6 +1,6 @@
 ansible>=2.7.16,<2.8
 docker>=3.5.1
 molecule
-pip-tools
+pip-tools>=5.0.0
 requests>=2.21.0
 urllib3>1.25.9
diff --git a/requirements.txt b/requirements.txt
index 95cbad5..fa8dec8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -107,9 +107,9 @@ chardet==3.0.4 \
 click-completion==0.3.1 \
 --hash=sha256:7ca12978493a7450486cef155845af4fae48744c3f97b7250a254de65c9e5e5a \
 # via molecule
-click==6.7 \
- --hash=sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d \
- --hash=sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b \
+click==7.1.2 \
+ --hash=sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a \
+ --hash=sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc \
 # via click-completion, cookiecutter, molecule, pip-tools, python-gilt
 colorama==0.3.9 \
 --hash=sha256:463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda \
@@ -249,9 +249,9 @@ pexpect==4.7.0 \
 --hash=sha256:2094eefdfcf37a1fdbfb9aa090862c1a4878e5c7e0e7e7088bdb511c558e5cd1 \
 --hash=sha256:9e2c1fd0e6ee3a49b28f95d4b33bc389c89b20af6a1255906e90ff1262ce62eb \
 # via molecule
-pip-tools==3.7.0 \
- --hash=sha256:4ff38ab655bec47db2d5a82fa6c6807e231ecddf3b7cbb2f2b957a9b11f016c3 \
- --hash=sha256:542cc32393ec8e97932b4710462567e3ecbd0a1d483d8b1d5ef05bc6ef83f7f8 \
+pip-tools==5.3.1 \
+ --hash=sha256:5672c2b6ca0f1fd803f3b45568c2cf7fadf135b4971e7d665232b2075544c0ef \
+ --hash=sha256:73787e23269bf8a9230f376c351297b9037ed0d32ab0f9bef4a187d976acc054 \
 # via -r requirements.in
 pluggy==0.11.0 \
 --hash=sha256:25a1bc1d148c9a640211872b4ff859878d422bccb59c9965e04eed468a0aa180 \
@@ -425,6 +425,10 @@ zipp==0.6.0 \
 # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
+pip==20.2.4 \
+ --hash=sha256:51f1c7514530bd5c145d8f13ed936ad6b8bfcb8cf74e10403d0890bc986f0033 \
+ --hash=sha256:85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1 \
+ # via pip-tools
 setuptools==50.3.1 \
 --hash=sha256:0e9772768fa6e9d3cf818a3e6e24dd2236f319d2c478312995edcb30ddeb8343 \
 --hash=sha256:8d057d7a928a82cdc985654355fc9e5431def7b6bdfc9e0f32d1e388a63c8ec6 \