Update requests to the latest version

.gitignore

@@ -4,6 +4,7 @@ db.sqlite3*
 /securedrop/settings/local.py
 *.pyc
 __pycache__
+.pytest_cache
 
 node_modules
 npm-debug.log

dev-requirements.txt

@@ -72,7 +72,7 @@ qrcode==5.3
 requests-cache==0.4.13
 requests-file==1.4.3
 requests-oauthlib==0.8.0
-requests==2.18.4
+requests==2.20.0
 simplegeneric==0.8.1      # via ipython
 simplesqlite==0.19.0
 six==1.11.0

devops/requirements.in

@@ -4,7 +4,6 @@ cryptography>=2.3
 # Bug with ansible and docker 3.0+
 # https://github.com/ansible/ansible/issues/35612
 docker<3.0
-# Overly aggressive regex validation in Molecule>=2.12
-molecule<2.11
+molecule>=2.19
 pip-tools>=1.11.0
 safety>=1.7.0

devops/requirements.txt

@@ -1,85 +1,78 @@
-#
-# This file is autogenerated by pip-compile
-# To update, run:
-#
-#    pip-compile --output-file requirements.txt requirements.in
-#
-ansible-lint==3.4.19      # via molecule
+ansible-lint==3.4.23      # via molecule
 ansible==2.4.6.0
-anyconfig==0.9.1          # via molecule
+anyconfig==0.9.7          # via molecule
 arrow==0.12.1             # via jinja2-time
 asn1crypto==0.24.0        # via cryptography
-atomicwrites==1.1.5       # via pytest
-attrs==18.1.0             # via pytest
+atomicwrites==1.2.1       # via pytest
+attrs==18.2.0             # via pytest
 backports.functools-lru-cache==1.5  # via arrow
 backports.ssl-match-hostname==3.5.0.1  # via docker
-bandit==1.4.0
+bandit==1.5.1
 bcrypt==3.1.4             # via paramiko
 binaryornot==0.4.4        # via cookiecutter
-certifi==2018.4.16        # via requests
+cerberus==1.2             # via molecule
+certifi==2018.10.15       # via requests
 cffi==1.11.5              # via bcrypt, cryptography, pynacl
 chardet==3.0.4            # via binaryornot, requests
-click-completion==0.2.1   # via molecule
+click-completion==0.3.1   # via molecule
 click==6.7                # via click-completion, cookiecutter, molecule, pip-tools, python-gilt, safety
-colorama==0.3.7           # via molecule, python-gilt
+colorama==0.3.9           # via molecule, python-gilt
 configparser==3.5.0       # via flake8
-cookiecutter==1.5.1       # via molecule
-cryptography==2.3
+cookiecutter==1.6.0       # via molecule
+cryptography==2.3.1
 docker-pycreds==0.3.0     # via docker
 docker==2.7.0
 dparse==0.4.1             # via safety
 enum34==1.1.6             # via cryptography, flake8
 fasteners==0.14.1         # via python-gilt
-first==2.0.1              # via pip-tools
-flake8==3.3.0             # via molecule
+flake8==3.5.0             # via molecule
 funcsigs==1.0.2           # via pytest
-future==0.16.0            # via cookiecutter
+future==0.17.1            # via cookiecutter
 git-url-parse==1.1.0      # via python-gilt
-gitdb2==2.0.4             # via gitpython
+gitdb2==2.0.5             # via gitpython
 gitpython==2.1.11         # via bandit
 idna==2.7                 # via cryptography, requests
 ipaddress==1.0.22         # via cryptography, docker
 jinja2-time==0.2.0        # via cookiecutter
-jinja2==2.9.6             # via ansible, click-completion, cookiecutter, jinja2-time, molecule
-markupsafe==1.0           # via jinja2
-marshmallow==2.13.5       # via molecule
+jinja2==2.10              # via ansible, click-completion, cookiecutter, jinja2-time, molecule
+markupsafe==1.1.0         # via jinja2
 mccabe==0.6.1             # via flake8
-molecule==2.10.1
+molecule==2.19.0
 monotonic==1.5            # via fasteners
 more-itertools==4.3.0     # via pytest
-packaging==17.1           # via dparse, safety
-paramiko==2.4.1           # via ansible
+packaging==18.0           # via dparse, safety
+paramiko==2.4.2           # via ansible
 pathlib2==2.3.2           # via pytest
-pathspec==0.5.6           # via yamllint
-pbr==3.0.1                # via git-url-parse, molecule, python-gilt, stevedore
-pexpect==4.2.1            # via molecule
-pip-tools==2.0.2
-pluggy==0.7.1             # via pytest
-poyo==0.4.1               # via cookiecutter
-psutil==5.2.2             # via molecule
+pathspec==0.5.9           # via yamllint
+pbr==4.1.0                # via git-url-parse, molecule, python-gilt, stevedore
+pexpect==4.6.0            # via molecule
+pip-tools==3.1.0
+pluggy==0.8.0             # via pytest
+poyo==0.4.2               # via cookiecutter
+psutil==5.4.6             # via molecule
 ptyprocess==0.6.0         # via pexpect
-py==1.5.4                 # via pytest
+py==1.7.0                 # via pytest
 pyasn1==0.4.4             # via paramiko
 pycodestyle==2.3.1        # via flake8
-pycparser==2.18           # via cffi
+pycparser==2.19           # via cffi
 pyflakes==1.5.0           # via flake8
-pynacl==1.2.1             # via paramiko
-pyparsing==2.2.0          # via packaging
-pytest==3.7.1             # via testinfra
-python-dateutil==2.7.3    # via arrow
-python-gilt==1.1.0        # via molecule
-pyyaml==3.12              # via ansible, ansible-lint, bandit, dparse, molecule, python-gilt, yamllint
-requests==2.19.1          # via docker, safety
+pynacl==1.3.0             # via paramiko
+pyparsing==2.3.0          # via packaging
+pytest==3.10.0            # via testinfra
+python-dateutil==2.7.5    # via arrow
+python-gilt==1.2.1        # via molecule
+pyyaml==3.13              # via ansible, ansible-lint, bandit, dparse, molecule, python-gilt, yamllint
+requests==2.20.0          # via cookiecutter, docker, safety
 safety==1.8.4
-scandir==1.8              # via pathlib2
+scandir==1.9.0            # via pathlib2
 sh==1.12.14               # via molecule, python-gilt
-six==1.11.0               # via ansible-lint, bandit, bcrypt, click-completion, cryptography, docker, docker-pycreds, dparse, fasteners, more-itertools, packaging, pathlib2, pip-tools, pynacl, pytest, python-dateutil, stevedore, testinfra, websocket-client
-smmap2==2.0.4             # via gitdb2
-stevedore==1.29.0         # via bandit
-tabulate==0.7.7           # via molecule
-testinfra==1.7.1          # via molecule
+six==1.11.0               # via ansible-lint, bandit, bcrypt, click-completion, cryptography, docker, docker-pycreds, dparse, fasteners, molecule, more-itertools, packaging, pathlib2, pip-tools, pynacl, pytest, python-dateutil, stevedore, testinfra, websocket-client
+smmap2==2.0.5             # via gitdb2
+stevedore==1.30.0         # via bandit
+tabulate==0.8.2           # via molecule
+testinfra==1.16.0         # via molecule
 tree-format==0.1.2        # via molecule
-urllib3==1.23             # via requests
-websocket-client==0.48.0  # via docker
-whichcraft==0.4.1         # via cookiecutter
-yamllint==1.11.0          # via molecule
+urllib3==1.24.1           # via requests
+websocket-client==0.54.0  # via docker
+whichcraft==0.5.2         # via cookiecutter
+yamllint==1.11.1          # via molecule

molecule/ci/molecule.yml

@@ -38,6 +38,8 @@ verifier:
   additional_files_or_dirs:
     - ../shared_tests
   env:
-    pshtt_location: /home/gcorn/securedrop-alpha/bin/pshtt
+    PSHTT_LOCATION: /home/gcorn/securedrop-alpha/bin/pshtt
   lint:
     name: flake8
+  options:
+    p: no:cacheprovider no:stepwise

molecule/ci/playbook.yml

@@ -7,16 +7,10 @@
     # Required to install pshtt
     LC_ALL: "en_US.UTF-8"
   pre_tasks:
-    - name: Check for existence of grsec kernel
-      stat:
-        path: /proc/sys/kernel/grsecurity/
-      register: check_grsec_kernel_results
-
     - name: Make sure paxctld is started
       service:
         name: paxctld
         state: started
-      when: check_grsec_kernel_results.stat.exists
 
     - name: Create postgres DB
       postgresql_db:
@@ -38,7 +32,6 @@
         # pre-installed. Not needed in prod.
         - template1
 
-  tasks:
     # The paxtld flags should be added to the CI base image.
     - name: Layout pax config
       lineinfile:
@@ -52,10 +45,13 @@
         - "/home/gcorn/securedrop-alpha/pip m"
         - "/usr/bin/python m"
         - "/usr/bin/python3 m"
-      when: check_grsec_kernel_results.stat.exists
+        - "/home/gcorn/securedrop-alpha/lib/python3.4/site-packages/nassl/_nassl.cpython-34m.so"
+        - "/home/gcorn/securedrop-beta/lib/python3.4/site-packages/nassl/_nassl.cpython-34m.so"
+        - "/lib/x86_64-linux-gnu/ld-2.19.so"
       notify: Restart paxctld
       register: grsec_config_results
 
+  tasks:
     - debug:
         msg: "You can hit the www interface at https://localhost:{{ lookup('pipe', 'docker port debian_jessie_sd.org_ci 443 | cut -d\":\" -f 2') }}"
 

molecule/dev/molecule.yml

@@ -23,6 +23,6 @@ verifier:
     connection: docker
     hosts: sd_django
   env:
-    pshtt_location: /usr/local/bin/pshtt
+    PSHTT_LOCATION: /usr/local/bin/pshtt
   lint:
     name: flake8

molecule/shared_tests/test_pshtt.py

@@ -2,7 +2,7 @@
 import json
 import os
 
-PSHTT_CLI_PATH = os.environ['pshtt_location']
+PSHTT_CLI_PATH = os.environ['PSHTT_LOCATION']
 PSHTT_DOMAINS = [
     'freedom.press'
 ]

requirements.in

@@ -27,3 +27,4 @@ django-allauth==0.34.0
 django-allauth-2fa
 django-csp
 zxcvbn-python
+requests>=2.20.0

requirements.txt

@@ -57,7 +57,7 @@ qrcode==5.3               # via django-allauth-2fa
 requests-cache==0.4.13    # via pshtt
 requests-file==1.4.3      # via tldextract
 requests-oauthlib==0.8.0  # via django-allauth
-requests==2.18.4          # via django-allauth, django-anymail, pshtt, requests-cache, requests-file, requests-oauthlib, tldextract, wagtail
+requests==2.20.0
 simplesqlite==0.19.0      # via pytablewriter
 six==1.11.0               # via bleach, cryptography, django-anymail, faker, html5lib, mbstrdecoder, pyopenssl, pytablewriter, python-dateutil, qrcode, requests-file, simplesqlite, tabledata, typepy, unittest-xml-reporting, vcrpy
 tabledata==0.0.5          # via pytablewriter, simplesqlite