From 7948466778cbd616467875caf6978b47f3a01905 Mon Sep 17 00:00:00 2001 From: mickael e Date: Fri, 20 Sep 2019 10:56:25 -0400 Subject: [PATCH 01/10] Bump wekzeug to 0.16.0 Due to CVE-2019-14806: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. --- .../python3/securedrop-app-code-requirements.in | 2 +- .../python3/securedrop-app-code-requirements.txt | 6 +++--- securedrop/requirements/python3/test-requirements.txt | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/securedrop/requirements/python3/securedrop-app-code-requirements.in b/securedrop/requirements/python3/securedrop-app-code-requirements.in index ebc86bad6f..5dc921735b 100644 --- a/securedrop/requirements/python3/securedrop-app-code-requirements.in +++ b/securedrop/requirements/python3/securedrop-app-code-requirements.in @@ -20,4 +20,4 @@ scrypt sh SQLAlchemy>=1.3.0 typing -Werkzeug +Werkzeug>=0.15.3 diff --git a/securedrop/requirements/python3/securedrop-app-code-requirements.txt b/securedrop/requirements/python3/securedrop-app-code-requirements.txt index a693947edf..18ec13d3cc 100644 --- a/securedrop/requirements/python3/securedrop-app-code-requirements.txt +++ b/securedrop/requirements/python3/securedrop-app-code-requirements.txt @@ -194,9 +194,9 @@ typing==3.6.4 \ webassets==0.12.1 \ --hash=sha256:e7d9c8887343123fd5b32309b33167428cb1318cdda97ece12d0907fd69d38db \ # via flask-assets -werkzeug==0.14.1 \ - --hash=sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c \ - --hash=sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b +werkzeug==0.16.0 \ + --hash=sha256:7280924747b5733b246fe23972186c6b348f9ae29724135a6dfc1e53cea433e7 \ + --hash=sha256:e5f4a1f98b52b18a93da705a7458e55afb26f32bff83ff5d19189f92462d65c4 wtforms==2.1 \ --hash=sha256:ffdf10bd1fa565b8233380cb77a304cd36fd55c73023e91d4b803c96bc11d46f \ # via flask-wtf diff --git a/securedrop/requirements/python3/test-requirements.txt b/securedrop/requirements/python3/test-requirements.txt index 9290aeb050..1c56948bb6 100644 --- a/securedrop/requirements/python3/test-requirements.txt +++ b/securedrop/requirements/python3/test-requirements.txt @@ -39,7 +39,7 @@ selenium==3.141.0 six==1.11.0 # via mock, pathlib2, pip-tools, pytest tbselenium==0.4.2 urllib3==1.25.3 -werkzeug==0.14.1 # via flask +werkzeug==0.16.0 # via flask zipp==0.5.1 # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: From 8fc691e4d68108e9d3203b8f9c4aa448323575ad Mon Sep 17 00:00:00 2001 From: mickael e Date: Tue, 24 Sep 2019 09:48:47 -0400 Subject: [PATCH 02/10] Bump ansible to 2.6.18 Addresses CVE-2019-10156. Given that SecureDrop would not process untrusted variables in templates, this vulnerability did not impact the system. Also updates SecureDrop installer's ansible version check --- admin/requirements.txt | 4 ++-- .../ansible-base/callback_plugins/ansible_version_check.py | 2 +- securedrop/requirements/python3/develop-requirements.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/admin/requirements.txt b/admin/requirements.txt index 36d933bcd0..21ce5a188b 100644 --- a/admin/requirements.txt +++ b/admin/requirements.txt @@ -4,8 +4,8 @@ # # pip-compile --generate-hashes --output-file=requirements.txt requirements-ansible.in requirements.in # -ansible==2.6.14 \ - --hash=sha256:412f130f4c5d1953ccd95f01b5a4675cbff4ba225762bafb74a2f3bb6c807827 +ansible==2.6.18 \ + --hash=sha256:588e4d85ec21cddf959a66cbe62bbfcff6236a1cd44b1264b14a19d34b8dffdf asn1crypto==0.24.0 \ --hash=sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87 \ --hash=sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49 \ diff --git a/install_files/ansible-base/callback_plugins/ansible_version_check.py b/install_files/ansible-base/callback_plugins/ansible_version_check.py index f0f50a881f..1f69507a8b 100644 --- a/install_files/ansible-base/callback_plugins/ansible_version_check.py +++ b/install_files/ansible-base/callback_plugins/ansible_version_check.py @@ -21,7 +21,7 @@ class CallbackModule(CallbackBase): def __init__(self): # Can't use `on_X` because this isn't forwards compatible # with Ansible 2.0+ - required_version = '2.6.14' # Keep synchronized with requirements files + required_version = '2.6.18' # Keep synchronized with requirements files if not ansible.__version__.startswith(required_version): print_red_bold( "SecureDrop restriction: only Ansible {version}.*" diff --git a/securedrop/requirements/python3/develop-requirements.txt b/securedrop/requirements/python3/develop-requirements.txt index ac111022a7..3c32da511d 100644 --- a/securedrop/requirements/python3/develop-requirements.txt +++ b/securedrop/requirements/python3/develop-requirements.txt @@ -6,7 +6,7 @@ # alabaster==0.7.10 # via sphinx ansible-lint==4.1.0 # via molecule -ansible==2.6.14 +ansible==2.6.18 anyconfig==0.9.7 # via molecule apipkg==1.4 # via execnet argh==0.26.2 # via sphinx-autobuild, watchdog From 353b0354bd5fdd851518d1f6e9f5cb09d5c107cf Mon Sep 17 00:00:00 2001 From: mickael e Date: Fri, 20 Sep 2019 14:06:25 -0400 Subject: [PATCH 03/10] Bump molecule to 2.22 This is required to upgrade pyyaml to 5.1 (resolving CVE-2017-18342) and jinja2 (resolving CVE-2019-10906) --- .../python3/develop-requirements.in | 2 +- .../python3/develop-requirements.txt | 36 ++++++++++++------- 2 files changed, 24 insertions(+), 14 deletions(-) diff --git a/securedrop/requirements/python3/develop-requirements.in b/securedrop/requirements/python3/develop-requirements.in index aef00e1d1d..5725371d0f 100644 --- a/securedrop/requirements/python3/develop-requirements.in +++ b/securedrop/requirements/python3/develop-requirements.in @@ -7,7 +7,7 @@ docker-py dnspython flake8 html-linter -molecule>=2.20.1 +molecule>=2.22 mypy # Needed for ansible network filter # http://docs.ansible.com/ansible/latest/playbooks_filters_ipaddr.html diff --git a/securedrop/requirements/python3/develop-requirements.txt b/securedrop/requirements/python3/develop-requirements.txt index 3c32da511d..886b683d50 100644 --- a/securedrop/requirements/python3/develop-requirements.txt +++ b/securedrop/requirements/python3/develop-requirements.txt @@ -12,6 +12,7 @@ apipkg==1.4 # via execnet argh==0.26.2 # via sphinx-autobuild, watchdog arrow==0.10.0 # via jinja2-time asn1crypto==0.22.0 # via cryptography +aspy.yaml==1.3.0 # via pre-commit astroid==1.6.0 # via pylint babel==2.4.0 # via sphinx bandit==1.4.0 @@ -20,9 +21,10 @@ binaryornot==0.4.4 # via cookiecutter boto3==1.5.24 boto==2.48.0 botocore==1.8.38 # via boto3, s3transfer -cerberus==1.2 # via molecule +cerberus==1.3.1 # via molecule certifi==2017.7.27.1 # via requests cffi==1.10.0 # via bcrypt, cryptography, pynacl +cfgv==2.0.1 # via pre-commit chardet==3.0.4 # via binaryornot, requests click-completion==0.3.1 # via molecule click==6.7 # via click-completion, cookiecutter, git-url-parse, molecule, pip-tools, python-gilt, safety @@ -44,35 +46,40 @@ git-url-parse==1.0.2 # via python-gilt gitdb2==2.0.3 # via gitpython gitpython==2.1.8 # via bandit html-linter==0.4.0 -idna==2.5 # via molecule, requests +identify==1.4.7 # via pre-commit +idna==2.5 # via requests imagesize==0.7.1 # via sphinx +importlib-metadata==0.23 # via pre-commit +importlib-resources==1.0.2 # via pre-commit isort==4.2.15 # via pylint jinja2-time==0.2.0 # via cookiecutter -jinja2==2.10 # via ansible, click-completion, cookiecutter, jinja2-time, molecule, sphinx +jinja2==2.10.1 # via ansible, click-completion, cookiecutter, jinja2-time, molecule, sphinx jmespath==0.9.3 # via boto3, botocore lazy-object-proxy==1.3.1 # via astroid livereload==2.5.1 # via sphinx-autobuild markupsafe==1.0 # via jinja2 mccabe==0.6.1 # via flake8, pylint -molecule==2.20.1 +molecule==2.22 monotonic==1.4 # via fasteners +more-itertools==7.2.0 # via zipp mypy-extensions==0.4.1 # via mypy mypy==0.701 netaddr==0.7.19 +nodeenv==1.3.3 # via pre-commit packaging==16.8 # via dparse, safety -paramiko==2.4.2 # via ansible +paramiko==2.6.0 # via ansible, molecule pathspec==0.5.5 # via yamllint pathtools==0.1.2 # via sphinx-autobuild, watchdog -pbr==5.1.1 # via git-url-parse, molecule, python-gilt, stevedore +pbr==5.1.1 # via git-url-parse, python-gilt, stevedore pexpect==4.6.0 # via molecule pip-tools==4.0.0 port_for==0.3.1 # via sphinx-autobuild poyo==0.4.1 # via cookiecutter +pre-commit==1.18.3 # via molecule prompt-toolkit==2.0.9 psutil==5.4.6 # via molecule ptyprocess==0.5.2 # via pexpect py==1.4.34 # via pytest -pyasn1==0.3.1 # via paramiko pycodestyle==2.5.0 # via flake8 pycparser==2.18 # via cffi pyenchant==2.0.0 @@ -87,13 +94,13 @@ python-dateutil==2.6.1 # via arrow, botocore python-gilt==1.2.1 # via molecule python-vagrant==0.5.15 pytz==2017.2 # via babel -pyyaml==3.13 # via ansible, ansible-lint, bandit, dparse, molecule, python-gilt, sphinx-autobuild, watchdog, yamllint +pyyaml==5.1.2 requests==2.22.0 # via cookiecutter, docker-py, safety, sphinx ruamel.yaml==0.15.97 # via ansible-lint s3transfer==0.1.12 # via boto3 safety==1.8.4 sh==1.12.14 # via molecule, python-gilt -six==1.11.0 # via ansible-lint, astroid, bandit, bcrypt, click-completion, cryptography, docker-py, docker-pycreds, dparse, fasteners, git-url-parse, livereload, molecule, packaging, pip-tools, prompt-toolkit, pylint, pynacl, python-dateutil, sphinx, stevedore, testinfra, websocket-client +six==1.11.0 # via ansible-lint, astroid, bandit, bcrypt, cfgv, click-completion, cryptography, docker-py, docker-pycreds, dparse, fasteners, git-url-parse, livereload, molecule, packaging, pip-tools, pre-commit, prompt-toolkit, pylint, pynacl, python-dateutil, sphinx, stevedore, testinfra, websocket-client smmap2==2.0.3 # via gitdb2 snowballstemmer==1.2.1 # via sphinx sphinx-autobuild==0.7.1 @@ -101,20 +108,23 @@ sphinx-rtd-theme==0.2.4 sphinx==1.6.3 sphinxcontrib-websupport==1.0.1 # via sphinx stevedore==1.28.0 # via bandit -tabulate==0.8.2 # via molecule +tabulate==0.8.3 # via molecule template-remover==0.1.9 # via html-linter -testinfra==1.19.0 +testinfra==3.2.0 +toml==0.10.0 # via pre-commit tornado==4.5.1 # via livereload, sphinx-autobuild tree-format==0.1.2 # via molecule typed-ast==1.3.5 # via mypy urllib3==1.25.3 +virtualenv==16.7.5 # via pre-commit watchdog==0.8.3 # via sphinx-autobuild wcwidth==0.1.7 # via prompt-toolkit websocket-client==0.44.0 # via docker-py whichcraft==0.4.1 # via cookiecutter wrapt==1.10.11 # via astroid -yamllint==1.11.1 +yamllint==1.17.0 +zipp==0.6.0 # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: -# pip==19.2.2 # via safety +# pip==19.2.3 # via safety # setuptools==41.2.0 # via ansible, pytest, sphinx From 882ac5a998fdfa8e0289e2ee2a51f4b8b44e9b75 Mon Sep 17 00:00:00 2001 From: mickael e Date: Tue, 24 Sep 2019 10:54:49 -0400 Subject: [PATCH 04/10] Don't sudo pip install in container for linting sudo pip installing (even in the virtualenv) would cause permission issues for the molecule tmp files at runtime --- .circleci/config.yml | 2 +- securedrop/dockerfiles/xenial/python3/Dockerfile | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index dc8d1b5bd6..c560b11ff6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -74,7 +74,7 @@ jobs: name: Run all linters but shellcheck command: | fromtag=$(docker images |grep securedrop-test-xenial-py3 |head -n1 |awk '{print $2}') - DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-xenial-py3:${fromtag:-latest}" securedrop/bin/dev-shell bash -c "sudo /opt/venvs/securedrop-app-code/bin/pip3 install -r requirements/python3/develop-requirements.txt && make -C .. ansible-config-lint app-lint docs-lint flake8 html-lint typelint yamllint" + DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-xenial-py3:${fromtag:-latest}" securedrop/bin/dev-shell bash -c "/opt/venvs/securedrop-app-code/bin/pip3 install -r requirements/python3/develop-requirements.txt && make -C .. ansible-config-lint app-lint docs-lint flake8 html-lint typelint yamllint" - run: name: Run shellcheck diff --git a/securedrop/dockerfiles/xenial/python3/Dockerfile b/securedrop/dockerfiles/xenial/python3/Dockerfile index 9ba4c2ef38..2f3e7a3309 100644 --- a/securedrop/dockerfiles/xenial/python3/Dockerfile +++ b/securedrop/dockerfiles/xenial/python3/Dockerfile @@ -57,7 +57,8 @@ RUN python3 -m venv /opt/venvs/securedrop-app-code && \ RUN if test $USER_NAME != root ; then useradd --no-create-home --home-dir /tmp --uid $USER_ID $USER_NAME && echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers ; fi && \ cp -r /root/.local /tmp/ && chmod +x /tmp/.local/tbb/tor-browser_en-US/Browser/firefox && chmod -R 777 /tmp/.local && \ - chown -R $USER_NAME.$USER_NAME /tmp/.local/ + chown -R $USER_NAME.$USER_NAME /tmp/.local/ && \ + chown -R $USER_NAME.$USER_NAME /opt/venvs/securedrop-app-code/ STOPSIGNAL SIGKILL From 41bc67d94f3babfbc1b76d1f8dfd9d203f6bffe5 Mon Sep 17 00:00:00 2001 From: mickael e Date: Tue, 24 Sep 2019 11:28:49 -0400 Subject: [PATCH 05/10] Update Pyyaml in admin requirements Resolves CVE-2017-18342 --- admin/requirements.in | 2 +- admin/requirements.txt | 23 ++++++++++++++--------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/admin/requirements.in b/admin/requirements.in index de6bf04f6e..3e7fda7e0d 100644 --- a/admin/requirements.in +++ b/admin/requirements.in @@ -1,2 +1,2 @@ prompt_toolkit -pyyaml +pyyaml>=5.1.2 diff --git a/admin/requirements.txt b/admin/requirements.txt index 21ce5a188b..586d534892 100644 --- a/admin/requirements.txt +++ b/admin/requirements.txt @@ -146,15 +146,20 @@ pynacl==1.2.1 \ --hash=sha256:f5ce9e26d25eb0b2d96f3ef0ad70e1d3ae89b5d60255c462252a3e456a48c053 \ --hash=sha256:fabf73d5d0286f9e078774f3435601d2735c94ce9e514ac4fb945701edead7e4 \ # via paramiko -pyyaml==3.12 \ - --hash=sha256:16b20e970597e051997d90dc2cddc713a2876c47e3d92d59ee198700c5427736 \ - --hash=sha256:3262c96a1ca437e7e4763e2843746588a965426550f3797a79fca9c6199c431f \ - --hash=sha256:592766c6303207a20efc445587778322d7f73b161bd994f227adaa341ba212ab \ - --hash=sha256:5ac82e411044fb129bae5cfbeb3ba626acb2af31a8d17d175004b70862a741a7 \ - --hash=sha256:827dc04b8fa7d07c44de11fabbc888e627fa8293b695e0f99cb544fdfa1bf0d1 \ - --hash=sha256:bc6bced57f826ca7cb5125a10b23fd0f2fff3b7c4701d64c439a300ce665fff8 \ - --hash=sha256:c01b880ec30b5a6e6aa67b09a2fe3fb30473008c85cd6a67359a1b15ed6d83a4 \ - --hash=sha256:e863072cdf4c72eebf179342c94e6989c67185842d9997960b3e69290b2fa269 +pyyaml==5.1.2 \ + --hash=sha256:0113bc0ec2ad727182326b61326afa3d1d8280ae1122493553fd6f4397f33df9 \ + --hash=sha256:01adf0b6c6f61bd11af6e10ca52b7d4057dd0be0343eb9283c878cf3af56aee4 \ + --hash=sha256:5124373960b0b3f4aa7df1707e63e9f109b5263eca5976c66e08b1c552d4eaf8 \ + --hash=sha256:5ca4f10adbddae56d824b2c09668e91219bb178a1eee1faa56af6f99f11bf696 \ + --hash=sha256:7907be34ffa3c5a32b60b95f4d95ea25361c951383a894fec31be7252b2b6f34 \ + --hash=sha256:7ec9b2a4ed5cad025c2278a1e6a19c011c80a3caaac804fd2d329e9cc2c287c9 \ + --hash=sha256:87ae4c829bb25b9fe99cf71fbb2140c448f534e24c998cc60f39ae4f94396a73 \ + --hash=sha256:9de9919becc9cc2ff03637872a440195ac4241c80536632fffeb6a1e25a74299 \ + --hash=sha256:a5a85b10e450c66b49f98846937e8cfca1db3127a9d5d1e31ca45c3d0bef4c5b \ + --hash=sha256:b0997827b4f6a7c286c01c5f60384d218dca4ed7d9efa945c3e1aa623d5709ae \ + --hash=sha256:b631ef96d3222e62861443cc89d6563ba3eeb816eeb96b2629345ab795e53681 \ + --hash=sha256:bf47c0607522fdbca6c9e817a6e81b08491de50f3766a7a0e6a5be7905961b41 \ + --hash=sha256:f81025eddd0327c7d4cfe9b62cf33190e1e736cc6e97502b3ec425f574b3e7a8 six==1.11.0 \ --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9 \ --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb \ From 655cdb1e22fadc09fc960373fbe7711d1e18ae94 Mon Sep 17 00:00:00 2001 From: mickael e Date: Tue, 24 Sep 2019 12:18:32 -0400 Subject: [PATCH 06/10] Add dependency diff review to pull request template --- .github/PULL_REQUEST_TEMPLATE.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 59693b2449..1e6a9369aa 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -41,3 +41,8 @@ Any special considerations for deployment? Consider both: ### If you made changes to documentation: - [ ] Doc linting (`make docs-lint`) passed locally + +### If you added or updated a code dependency: + +- [ ] I have performed a diff review and pasted the contents to [the packaging wiki](https://github.com/freedomofpress/securedrop-debian-packaging/wiki) +- [ ] I would like someone else to do the diff review From 1f639c38e85b185eb3c553bf2de9ac18a144f9fd Mon Sep 17 00:00:00 2001 From: mickael e Date: Tue, 24 Sep 2019 14:56:44 -0400 Subject: [PATCH 07/10] Fix tests for new version of testinfra --- molecule/testinfra/staging/app/test_tor_config.py | 4 ++-- molecule/testinfra/staging/common/test_grsecurity.py | 8 ++++---- molecule/testinfra/staging/common/test_tor_mirror.py | 2 +- molecule/testinfra/staging/common/test_user_config.py | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/molecule/testinfra/staging/app/test_tor_config.py b/molecule/testinfra/staging/app/test_tor_config.py index 90f54fecc6..b0305e354d 100644 --- a/molecule/testinfra/staging/app/test_tor_config.py +++ b/molecule/testinfra/staging/app/test_tor_config.py @@ -8,13 +8,13 @@ @pytest.mark.parametrize('package', [ 'tor', ]) -def test_tor_packages(Package, package): +def test_tor_packages(host, package): """ Ensure Tor packages are installed. Does not include the Tor keyring package, since we want only the SecureDrop Release Signing Key to be used even for Tor packages. """ - assert Package(package).is_installed + assert host.package(package).is_installed def test_tor_service_running(host): diff --git a/molecule/testinfra/staging/common/test_grsecurity.py b/molecule/testinfra/staging/common/test_grsecurity.py index 5415a0f9ed..550078c388 100644 --- a/molecule/testinfra/staging/common/test_grsecurity.py +++ b/molecule/testinfra/staging/common/test_grsecurity.py @@ -52,7 +52,7 @@ def test_generic_kernels_absent(host, package): c = host.run("dpkg -l {}".format(package)) assert c.rc == 1 error_text = "dpkg-query: no packages found matching {}".format(package) - assert c.stderr == error_text + assert error_text in c.stderr.strip() def test_grsecurity_lock_file(host): @@ -71,8 +71,8 @@ def test_grsecurity_kernel_is_running(host): Make sure the currently running kernel is specific grsec kernel. """ c = host.run('uname -r') - assert c.stdout.endswith('-grsec') - assert c.stdout == '{}-grsec'.format(KERNEL_VERSION) + assert c.stdout.strip().endswith('-grsec') + assert c.stdout.strip() == '{}-grsec'.format(KERNEL_VERSION) @pytest.mark.parametrize('sysctl_opt', [ @@ -130,7 +130,7 @@ def test_grub_pc_marked_manual(host): """ c = host.run('apt-mark showmanual grub-pc') assert c.rc == 0 - assert c.stdout == "grub-pc" + assert c.stdout.strip() == "grub-pc" def test_apt_autoremove(host): diff --git a/molecule/testinfra/staging/common/test_tor_mirror.py b/molecule/testinfra/staging/common/test_tor_mirror.py index 7a4037b8b0..d902622e7d 100644 --- a/molecule/testinfra/staging/common/test_tor_mirror.py +++ b/molecule/testinfra/staging/common/test_tor_mirror.py @@ -28,7 +28,7 @@ def test_tor_keyring_absent(host): c = host.run("dpkg -l {}".format(package)) assert c.rc == 1 error_text = "dpkg-query: no packages found matching {}".format(package) - assert c.stderr.rstrip() == error_text + assert error_text in c.stderr.strip() @pytest.mark.parametrize('tor_key_info', [ diff --git a/molecule/testinfra/staging/common/test_user_config.py b/molecule/testinfra/staging/common/test_user_config.py index 6ba0409c6f..ef92ebb0b8 100644 --- a/molecule/testinfra/staging/common/test_user_config.py +++ b/molecule/testinfra/staging/common/test_user_config.py @@ -65,7 +65,7 @@ def test_sudoers_tmux_env(host): (tmux attach || tmux_attach_via_proc || tmux new-session) fi""" ) - assert host_file.content_string == expected_content + assert host_file.content_string.strip() == expected_content def test_tmux_installed(host): From 6d5dc805e4f70de9e865728cf405102a6b97b26a Mon Sep 17 00:00:00 2001 From: mickael e Date: Tue, 24 Sep 2019 15:12:51 -0400 Subject: [PATCH 08/10] Pin hashes for dev requirements Also updates docs with correct python3 requirements path --- .circleci/config.yml | 2 +- Makefile | 2 +- docs/development/contributor_guidelines.rst | 2 +- docs/development/documentation_guidelines.rst | 2 +- docs/development/setup_development.rst | 2 +- .../testing_configuration_tests.rst | 2 +- .../python3/develop-requirements.txt | 764 +++++++++++++++--- 7 files changed, 648 insertions(+), 128 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c560b11ff6..0201cfe11f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -74,7 +74,7 @@ jobs: name: Run all linters but shellcheck command: | fromtag=$(docker images |grep securedrop-test-xenial-py3 |head -n1 |awk '{print $2}') - DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-xenial-py3:${fromtag:-latest}" securedrop/bin/dev-shell bash -c "/opt/venvs/securedrop-app-code/bin/pip3 install -r requirements/python3/develop-requirements.txt && make -C .. ansible-config-lint app-lint docs-lint flake8 html-lint typelint yamllint" + DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-xenial-py3:${fromtag:-latest}" securedrop/bin/dev-shell bash -c "/opt/venvs/securedrop-app-code/bin/pip3 install --require-hashes -r requirements/python3/develop-requirements.txt && make -C .. ansible-config-lint app-lint docs-lint flake8 html-lint typelint yamllint" - run: name: Run shellcheck diff --git a/Makefile b/Makefile index 19d29de6d9..2714c0c76a 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ update-admin-pip-requirements: ## Update admin requirements. .PHONY: update-python3-requirements update-python3-requirements: ## Update Python 3 requirements with pip-compile. @echo "███ Updating Python 3 requirements files..." - @$(DEVSHELL) pip-compile \ + @$(DEVSHELL) pip-compile --generate-hashes \ --output-file requirements/python3/develop-requirements.txt \ ../admin/requirements-ansible.in \ ../admin/requirements.in \ diff --git a/docs/development/contributor_guidelines.rst b/docs/development/contributor_guidelines.rst index 066ace872f..c698fb0a74 100644 --- a/docs/development/contributor_guidelines.rst +++ b/docs/development/contributor_guidelines.rst @@ -58,7 +58,7 @@ root of the repository: .. code:: sh - pip install -r securedrop/requirements/develop-requirements.txt + pip install --require-hashes -r securedrop/requirements/python3/develop-requirements.txt Python ~~~~~~ diff --git a/docs/development/documentation_guidelines.rst b/docs/development/documentation_guidelines.rst index 2f50190790..b55f943e8b 100644 --- a/docs/development/documentation_guidelines.rst +++ b/docs/development/documentation_guidelines.rst @@ -23,7 +23,7 @@ To get started editing the docs: .. code:: sh - pip install -r securedrop/requirements/develop-requirements.txt + pip install --require-hashes -r securedrop/requirements/python3/develop-requirements.txt #. Build the docs for viewing in your web browser: diff --git a/docs/development/setup_development.rst b/docs/development/setup_development.rst index e1d2ddad64..e7c07e725d 100644 --- a/docs/development/setup_development.rst +++ b/docs/development/setup_development.rst @@ -285,6 +285,6 @@ Ensure your virtualenv is activated and install the packages. .. code:: sh - pip install -r securedrop/requirements/python3/develop-requirements.txt + pip install --require-hashes -r securedrop/requirements/python3/develop-requirements.txt .. note:: You will need to run this everytime new packages are added. diff --git a/docs/development/testing_configuration_tests.rst b/docs/development/testing_configuration_tests.rst index a4f9f8b29a..3eee9da192 100644 --- a/docs/development/testing_configuration_tests.rst +++ b/docs/development/testing_configuration_tests.rst @@ -14,7 +14,7 @@ Installation .. code:: sh - pip install -r securedrop/requirements/develop-requirements.txt + pip install --require-hashes -r securedrop/requirements/python3/develop-requirements.txt Running the Config Tests diff --git a/securedrop/requirements/python3/develop-requirements.txt b/securedrop/requirements/python3/develop-requirements.txt index 886b683d50..fea59b0d99 100644 --- a/securedrop/requirements/python3/develop-requirements.txt +++ b/securedrop/requirements/python3/develop-requirements.txt @@ -2,129 +2,649 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --output-file=requirements/python3/develop-requirements.txt ../admin/requirements-ansible.in ../admin/requirements.in requirements/python3/develop-requirements.in +# pip-compile --generate-hashes --output-file=requirements/python3/develop-requirements.txt ../admin/requirements-ansible.in ../admin/requirements.in requirements/python3/develop-requirements.in # -alabaster==0.7.10 # via sphinx -ansible-lint==4.1.0 # via molecule -ansible==2.6.18 -anyconfig==0.9.7 # via molecule -apipkg==1.4 # via execnet -argh==0.26.2 # via sphinx-autobuild, watchdog -arrow==0.10.0 # via jinja2-time -asn1crypto==0.22.0 # via cryptography -aspy.yaml==1.3.0 # via pre-commit -astroid==1.6.0 # via pylint -babel==2.4.0 # via sphinx -bandit==1.4.0 -bcrypt==3.1.3 # via paramiko -binaryornot==0.4.4 # via cookiecutter -boto3==1.5.24 -boto==2.48.0 -botocore==1.8.38 # via boto3, s3transfer -cerberus==1.3.1 # via molecule -certifi==2017.7.27.1 # via requests -cffi==1.10.0 # via bcrypt, cryptography, pynacl -cfgv==2.0.1 # via pre-commit -chardet==3.0.4 # via binaryornot, requests -click-completion==0.3.1 # via molecule -click==6.7 # via click-completion, cookiecutter, git-url-parse, molecule, pip-tools, python-gilt, safety -colorama==0.3.9 # via molecule, python-gilt -cookiecutter==1.6.0 # via molecule -cryptography==2.7 -dnspython==1.15.0 -docker-py==1.10.6 -docker-pycreds==0.2.1 # via docker-py -docopt==0.6.2 # via html-linter, template-remover -docutils==0.14 # via botocore, sphinx -dparse==0.4.1 # via safety -entrypoints==0.3 # via flake8 -execnet==1.4.1 # via pytest-xdist -fasteners==0.14.1 # via python-gilt -flake8==3.7.7 -future==0.16.0 # via cookiecutter -git-url-parse==1.0.2 # via python-gilt -gitdb2==2.0.3 # via gitpython -gitpython==2.1.8 # via bandit -html-linter==0.4.0 -identify==1.4.7 # via pre-commit -idna==2.5 # via requests -imagesize==0.7.1 # via sphinx -importlib-metadata==0.23 # via pre-commit -importlib-resources==1.0.2 # via pre-commit -isort==4.2.15 # via pylint -jinja2-time==0.2.0 # via cookiecutter -jinja2==2.10.1 # via ansible, click-completion, cookiecutter, jinja2-time, molecule, sphinx -jmespath==0.9.3 # via boto3, botocore -lazy-object-proxy==1.3.1 # via astroid -livereload==2.5.1 # via sphinx-autobuild -markupsafe==1.0 # via jinja2 -mccabe==0.6.1 # via flake8, pylint -molecule==2.22 -monotonic==1.4 # via fasteners -more-itertools==7.2.0 # via zipp -mypy-extensions==0.4.1 # via mypy -mypy==0.701 -netaddr==0.7.19 -nodeenv==1.3.3 # via pre-commit -packaging==16.8 # via dparse, safety -paramiko==2.6.0 # via ansible, molecule -pathspec==0.5.5 # via yamllint -pathtools==0.1.2 # via sphinx-autobuild, watchdog -pbr==5.1.1 # via git-url-parse, python-gilt, stevedore -pexpect==4.6.0 # via molecule -pip-tools==4.0.0 -port_for==0.3.1 # via sphinx-autobuild -poyo==0.4.1 # via cookiecutter -pre-commit==1.18.3 # via molecule -prompt-toolkit==2.0.9 -psutil==5.4.6 # via molecule -ptyprocess==0.5.2 # via pexpect -py==1.4.34 # via pytest -pycodestyle==2.5.0 # via flake8 -pycparser==2.18 # via cffi -pyenchant==2.0.0 -pyflakes==2.1.1 # via flake8 -pygments==2.2.0 # via sphinx -pylint==1.8.1 -pynacl==1.1.2 # via paramiko -pyparsing==2.2.0 # via packaging -pytest-xdist==1.18.2 -pytest==3.2.0 # via pytest-xdist, testinfra -python-dateutil==2.6.1 # via arrow, botocore -python-gilt==1.2.1 # via molecule -python-vagrant==0.5.15 -pytz==2017.2 # via babel -pyyaml==5.1.2 -requests==2.22.0 # via cookiecutter, docker-py, safety, sphinx -ruamel.yaml==0.15.97 # via ansible-lint -s3transfer==0.1.12 # via boto3 -safety==1.8.4 -sh==1.12.14 # via molecule, python-gilt -six==1.11.0 # via ansible-lint, astroid, bandit, bcrypt, cfgv, click-completion, cryptography, docker-py, docker-pycreds, dparse, fasteners, git-url-parse, livereload, molecule, packaging, pip-tools, pre-commit, prompt-toolkit, pylint, pynacl, python-dateutil, sphinx, stevedore, testinfra, websocket-client -smmap2==2.0.3 # via gitdb2 -snowballstemmer==1.2.1 # via sphinx -sphinx-autobuild==0.7.1 -sphinx-rtd-theme==0.2.4 -sphinx==1.6.3 -sphinxcontrib-websupport==1.0.1 # via sphinx -stevedore==1.28.0 # via bandit -tabulate==0.8.3 # via molecule -template-remover==0.1.9 # via html-linter -testinfra==3.2.0 -toml==0.10.0 # via pre-commit -tornado==4.5.1 # via livereload, sphinx-autobuild -tree-format==0.1.2 # via molecule -typed-ast==1.3.5 # via mypy -urllib3==1.25.3 -virtualenv==16.7.5 # via pre-commit -watchdog==0.8.3 # via sphinx-autobuild -wcwidth==0.1.7 # via prompt-toolkit -websocket-client==0.44.0 # via docker-py -whichcraft==0.4.1 # via cookiecutter -wrapt==1.10.11 # via astroid -yamllint==1.17.0 -zipp==0.6.0 # via importlib-metadata +alabaster==0.7.10 \ + --hash=sha256:2eef172f44e8d301d25aff8068fddd65f767a3f04b5f15b0f4922f113aa1c732 \ + --hash=sha256:37cdcb9e9954ed60912ebc1ca12a9d12178c26637abdf124e3cde2341c257fe0 \ + # via sphinx +ansible-lint==4.1.0 \ + --hash=sha256:9430ea6e654ba4bf5b9c6921efc040f46cda9c4fd2896a99ff71d21037bcb123 \ + --hash=sha256:c1b442b01091eca13ef11d98c3376e9489ba5b69a8467828ca86044f384bc0a1 \ + # via molecule +ansible==2.6.18 \ + --hash=sha256:588e4d85ec21cddf959a66cbe62bbfcff6236a1cd44b1264b14a19d34b8dffdf +anyconfig==0.9.7 \ + --hash=sha256:4d6016ae6eecc5e502bc7e99ae0639c5710c5c67bde5f21b06b9eaafd9ce0e7e \ + # via molecule +apipkg==1.4 \ + --hash=sha256:2e38399dbe842891fe85392601aab8f40a8f4cc5a9053c326de35a1cc0297ac6 \ + --hash=sha256:65d2aa68b28e7d31233bb2ba8eb31cda40e4671f8ac2d6b241e358c9652a74b9 \ + # via execnet +argh==0.26.2 \ + --hash=sha256:a9b3aaa1904eeb78e32394cd46c6f37ac0fb4af6dc488daa58971bdc7d7fcaf3 \ + --hash=sha256:e9535b8c84dc9571a48999094fda7f33e63c3f1b74f3e5f3ac0105a58405bb65 \ + # via sphinx-autobuild, watchdog +arrow==0.10.0 \ + --hash=sha256:805906f09445afc1f0fc80187db8fe07670e3b25cdafa09b8d8ac264a8c0c722 \ + # via jinja2-time +asn1crypto==0.22.0 \ + --hash=sha256:cbbadd640d3165ab24b06ef25d1dca09a3441611ac15f6a6b452474fdf0aed1a \ + --hash=sha256:d232509fefcfcdb9a331f37e9c9dc20441019ad927c7d2176cf18ed5da0ba097 \ + # via cryptography +aspy.yaml==1.3.0 \ + --hash=sha256:463372c043f70160a9ec950c3f1e4c3a82db5fca01d334b6bc89c7164d744bdc \ + --hash=sha256:e7c742382eff2caed61f87a39d13f99109088e5e93f04d76eb8d4b28aa143f45 \ + # via pre-commit +astroid==1.6.0 \ + --hash=sha256:71dadba2110008e2c03f9fde662ddd2053db3c0489d0e03c94e828a0399edd4f \ + --hash=sha256:badf6917ef7eb0ade0ea6eae347aed1e3f8f4c9375a02916f5cc450b3c8a64c0 \ + # via pylint +babel==2.4.0 \ + --hash=sha256:8c98f5e5f8f5f088571f2c6bd88d530e331cbbcb95a7311a0db69d3dca7ec563 \ + --hash=sha256:e86ca5a3a6bb64b9bbb62b9dac37225ec0ab5dfaae3c2492ebd648266468042f \ + # via sphinx +bandit==1.4.0 \ + --hash=sha256:cb977045497f83ec3a02616973ab845c829cdab8144ce2e757fe031104a9abd4 \ + --hash=sha256:de4cc19d6ba32d6f542c6a1ddadb4404571347d83ef1ed1e7afb7d0b38e0c25b +bcrypt==3.1.3 \ + --hash=sha256:05b35b9842b009b44496fa5433ce462f69966291e50fbd471dbb427f399f748f \ + --hash=sha256:06280fe19ffbcf6cf904de25190dd6fcd313e30bc79da305f5642a8295d1616e \ + --hash=sha256:1f3054d4da7c4a84b797d9130c36425b6e28134e9e67cd47b393774ea7168a3d \ + --hash=sha256:329c547f5525808aecd77ccade9fd443e381f9d91fc8164da1dae9c195e1f1f5 \ + --hash=sha256:35cfdfa3f64f8bad68d25f261bdc60fbb9e43f164881c496cb590bf8001aad83 \ + --hash=sha256:4396a33e112907f5978d5c40ca858b79fb1f6afd1caf3f8721c1411593d83bc2 \ + --hash=sha256:47d47df72e9f0462c8065a82da7b87f4b2577eb8a3fc855bcea165c2293beb84 \ + --hash=sha256:4eb357ab2cd27f4c6151d33130c667e9245beb9d1e6779ccf7e196d4cc20ffa8 \ + --hash=sha256:5129442f3f131c1210734699ffa2b7f956786e3e943d38a3158ce174708d0296 \ + --hash=sha256:5817b2b70a074cdab74c3871a2018d6931f8ef5148844006b8868b2be26f5abe \ + --hash=sha256:5929214153af8e3e461777837e0de1a00f2ced48d921e55fb952b4d5702e1be2 \ + --hash=sha256:5dce51509227741323469b5c5ac6c6ccb2b2380800acc72e60bdf1b3359a5deb \ + --hash=sha256:60c8aa69d18ee750d3678d67a265f1cf3559eabef98f90e3e646c3ff41e8795d \ + --hash=sha256:6645c8d0ad845308de3eb9be98b6fd22a46ec5412bfc664a423e411cdd8f5488 \ + --hash=sha256:66e3e1c105c1b811cf25974ee1eff53f2ebf4203c2e2c90e4b1097a837ba4a66 \ + --hash=sha256:69dc348c0b6b34b855f3f340756b35f0398e18f0637fc815be567c664cba7d1b \ + --hash=sha256:70b69c68aede91eb96df81227c0a060ead75a008c3d7e4858dc165265d125c44 \ + --hash=sha256:73aabf7967c4dc319644c8bcfcbfe8106a475b16af481e0c12402dce2fbac44d \ + --hash=sha256:7f08048c4315f56f02dcef350c9b149a1b7a88c46d316e16a83f1f25a71323c6 \ + --hash=sha256:81eb609e0e15336ce6d6acf37a2e4a89c5a2030b76bc7a907e7010d5b4332c38 \ + --hash=sha256:84b65684f53c4b6b9d9f61d7f9306e286613187bdf46f30d9a0bbadccfde2205 \ + --hash=sha256:8b32df00118b8e7de99eb5ca78374eff1a3934ca42972a54283ddcb85d77164d \ + --hash=sha256:9c3b27bcc772958a4a051ae333de802423ebe0a5dd4e58e642e6e9d641cd7f3c \ + --hash=sha256:9cdc6fcd0eda471b66aca565ce214639f1ad1c5f3a71a205c492d04d139bb75b \ + --hash=sha256:b67e222177bfd51532955307a1ec9afd5e9c90ba2ff9561acae562d1e75c6ac1 \ + --hash=sha256:b7679e478041ad8eae3d70e73dc7f6a2e913142a5fc35a6cabfcb7af977559c1 \ + --hash=sha256:b949fd8cab330cddb101d4d5fa1b02772b887c31280f10ee4530c2090c378b13 \ + --hash=sha256:bebccf76fad01fe91426023b3a41ee991a3ab539f3d3d74b7acdb75baf111224 \ + --hash=sha256:c22f3e2c29cb592b65020605649f6d3cd4cf626e6cf97ce1843547e5ea4d5f68 \ + --hash=sha256:c68f89a235752c2c191f17ca9a5a2496cb278b57ceb3753621f502a3f576fec5 \ + --hash=sha256:c8e236eabdaf230e5c49f26c28f95bc3788ba1296765a4e1b98143741fcd779c \ + --hash=sha256:cdbcff01afda970b8d8e57633204f4501eddbe2c03932f51e7030aebddaf72d5 \ + --hash=sha256:e0d47491bd496f823c7fdfdd6154b3e68b8ddf07556210bc46d39af31035f90a \ + --hash=sha256:f05cf87b6787b19c0daf9a7b89ac98708e48903120ccc04e4120528daba280fb \ + --hash=sha256:f1255ae53392e6e3a40955fa363d9522c915d3245c83029fd7a8ef500cd5f3be \ + --hash=sha256:f2bfc588ff4e779e3659b8db348f5fb7b8192d63efc4bf15ecc50a72c820a221 \ + # via paramiko +binaryornot==0.4.4 \ + --hash=sha256:359501dfc9d40632edc9fac890e19542db1a287bbcfa58175b66658392018061 \ + --hash=sha256:b8b71173c917bddcd2c16070412e369c3ed7f0528926f70cac18a6c97fd563e4 \ + # via cookiecutter +boto3==1.5.24 \ + --hash=sha256:13f97c60392b581d6b47c377a1c41fed736ce83694539ada8e480532496399be \ + --hash=sha256:f5d62530ab6463ad13e3bd9f80bdae79106db7b693838dbab2de92b1ad8db21c +boto==2.48.0 \ + --hash=sha256:13be844158d1bd80a94c972c806ec8381b9ea72035aa06123c5db6bc6a6f3ead \ + --hash=sha256:deb8925b734b109679e3de65856018996338758f4b916ff4fe7bb62b6d7000d1 +botocore==1.8.38 \ + --hash=sha256:1e82d18c23ba0c2251404aee33483e82729e5d4b1838c528206f2ed2ba4516cd \ + --hash=sha256:aa0aa83766b1dbb23f67d807222d78ab5ba528c23be5e7ffca7d8643e6224272 \ + # via boto3, s3transfer +cerberus==1.3.1 \ + --hash=sha256:0be48fc0dc84f83202a5309c0aa17cd5393e70731a1698a50d118b762fbe6875 \ + # via molecule +certifi==2017.7.27.1 \ + --hash=sha256:40523d2efb60523e113b44602298f0960e900388cf3bb6043f645cf57ea9e3f5 \ + --hash=sha256:54a07c09c586b0e4c619f02a5e94e36619da8e2b053e20f594348c0611803704 \ + # via requests +cffi==1.10.0 \ + --hash=sha256:1426e67e855ef7f5030c9184f4f1a9f4bfa020c31c962cd41fd129ec5aef4a6a \ + --hash=sha256:267dd2c66a5760c5f4d47e2ebcf8eeac7ef01e1ae6ae7a6d0d241a290068bc38 \ + --hash=sha256:285ab352552f52f1398c912556d4d36d4ea9b8450e5c65d03809bf9886755533 \ + --hash=sha256:446699c10f3c390633d0722bc19edbc7ac4b94761918a4a4f7908a24e86ebbd0 \ + --hash=sha256:4fc9c2ff7924b3a1fa326e1799e5dd58cac585d7fb25fe53ccaa1333b0453d65 \ + --hash=sha256:5576644b859197da7bbd8f8c7c2fb5dcc6cd505cadb42992d5f104c013f8a214 \ + --hash=sha256:562326fc7f55a59ef3fef5e82908fe938cdc4bbda32d734c424c7cd9ed73e93a \ + --hash=sha256:587a5043df4b00a2130e09fed42da02a4ed3c688bd9bf07a3ac89d2271f4fb07 \ + --hash=sha256:5de52b081a2775e76b971de9d997d85c4457fc0a09079e12d66849548ae60981 \ + --hash=sha256:7248506981eeba23888b4140a69a53c4c0c0a386abcdca61ed8dd790a73e64b9 \ + --hash=sha256:7f732ad4a30db0b39400c3f7011249f7d0701007d511bf09604729aea222871f \ + --hash=sha256:80796ea68e11624a0279d3b802f88a7fe7214122b97a15a6c97189934a2cc776 \ + --hash=sha256:937db39a1ec5af3003b16357b2042bba67c88d43bc11aaa203fa8a5924524209 \ + --hash=sha256:94fb8410c6c4fc48e7ea759d3d1d9ca561171a88d00faddd4aa0306f698ad6a0 \ + --hash=sha256:96e599b924ef009aa867f725b3249ee51d76489f484d3a45b4bd219c5ec6ed59 \ + --hash=sha256:98b89b2c57f97ce2db7aeba60db173c84871d73b40e41a11ea95de1500ddc57e \ + --hash=sha256:9a31c18ba4881a116e448c52f3f5d3e14401cf7a9c43cc88f06f2a7f5428da0e \ + --hash=sha256:9e389615bcecb8c782a87939d752340bb0a3a097e90bae54d7f0915bc12f45bd \ + --hash=sha256:a41406f6d62abcdf3eef9fd998d8dcff04fd2a7746644143045feeebd76352d1 \ + --hash=sha256:a8955265d146e86fe2ce116394be4eaf0cb40314a79b19f11c4fa574cd639572 \ + --hash=sha256:ab22285797631df3b513b2cd3ecdc51cd8e3d36788e3991d93d0759d6883b027 \ + --hash=sha256:afa7d8b8d38ad40db8713ee053d41b36d87d6ae5ec5ad36f9210b548a18dc214 \ + --hash=sha256:b3b02911eb1f6ada203b0763ba924234629b51586f72a21faacc638269f4ced5 \ + --hash=sha256:b560916546b2f209d74b82bdbc3223cee9a165b0242fa00a06dfc48a2054864a \ + --hash=sha256:b69b4557aae7de18b7c174a917fe19873529d927ac592762d9771661875bbd40 \ + --hash=sha256:bea842a0512be6a8007e585790bccd5d530520fc025ce63b03e139be373b0063 \ + --hash=sha256:c1d8b3d8dcb5c23ac1a8bf56422036f3f305a3c5a8bc8c354256579a1e2aa2c1 \ + --hash=sha256:c49187260043bd4c1d6a52186f9774f17d9b1da0a406798ebf4bfc12da166ade \ + --hash=sha256:d09ff358f75a874f69fa7d1c2b4acecf4282a950293fcfcf89aa606da8a9a500 \ + --hash=sha256:e2b7e090188833bc58b2ae03fb864c22688654ebd2096bcf38bc860c4f38a3d8 \ + --hash=sha256:e553eb489511cacf19eda6e52bc9e151316f0d721724997dda2c4d3079b778db \ + --hash=sha256:e7175287f7fe7b1cc203bb958b17db40abd732690c1e18e700f10e0843a58598 \ + --hash=sha256:e74896774e437f4715c57edeb5cf3d3a40d7727f541c2c12156617b5a15d1829 \ + --hash=sha256:e7d88fecb7b6250a1fd432e6dc64890342c372fce13dbfe4bb6f16348ad00c14 \ + --hash=sha256:ec08b88bef627ec1cea210e1608c85d3cf44893bcde74e41b7f7dbdfd2c1bad6 \ + --hash=sha256:f4019826a2dec066c909a1f483ef0dcf9325d6740cc0bd15308942b28b0930f7 \ + # via bcrypt, cryptography, pynacl +cfgv==2.0.1 \ + --hash=sha256:edb387943b665bf9c434f717bf630fa78aecd53d5900d2e05da6ad6048553144 \ + --hash=sha256:fbd93c9ab0a523bf7daec408f3be2ed99a980e20b2d19b50fc184ca6b820d289 \ + # via pre-commit +chardet==3.0.4 \ + --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \ + --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \ + # via binaryornot, requests +click-completion==0.3.1 \ + --hash=sha256:7ca12978493a7450486cef155845af4fae48744c3f97b7250a254de65c9e5e5a \ + # via molecule +click==6.7 \ + --hash=sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d \ + --hash=sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b \ + # via click-completion, cookiecutter, git-url-parse, molecule, pip-tools, python-gilt, safety +colorama==0.3.9 \ + --hash=sha256:463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda \ + --hash=sha256:48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1 \ + # via molecule, python-gilt +cookiecutter==1.6.0 \ + --hash=sha256:1316a52e1c1f08db0c9efbf7d876dbc01463a74b155a0d83e722be88beda9a3e \ + --hash=sha256:ed8f54a8fc79b6864020d773ce11539b5f08e4617f353de1f22d23226f6a0d36 \ + # via molecule +cryptography==2.7 \ + --hash=sha256:24b61e5fcb506424d3ec4e18bca995833839bf13c59fc43e530e488f28d46b8c \ + --hash=sha256:25dd1581a183e9e7a806fe0543f485103232f940fcfc301db65e630512cce643 \ + --hash=sha256:3452bba7c21c69f2df772762be0066c7ed5dc65df494a1d53a58b683a83e1216 \ + --hash=sha256:41a0be220dd1ed9e998f5891948306eb8c812b512dc398e5a01846d855050799 \ + --hash=sha256:5751d8a11b956fbfa314f6553d186b94aa70fdb03d8a4d4f1c82dcacf0cbe28a \ + --hash=sha256:5f61c7d749048fa6e3322258b4263463bfccefecb0dd731b6561cb617a1d9bb9 \ + --hash=sha256:72e24c521fa2106f19623a3851e9f89ddfdeb9ac63871c7643790f872a305dfc \ + --hash=sha256:7b97ae6ef5cba2e3bb14256625423413d5ce8d1abb91d4f29b6d1a081da765f8 \ + --hash=sha256:961e886d8a3590fd2c723cf07be14e2a91cf53c25f02435c04d39e90780e3b53 \ + --hash=sha256:96d8473848e984184b6728e2c9d391482008646276c3ff084a1bd89e15ff53a1 \ + --hash=sha256:ae536da50c7ad1e002c3eee101871d93abdc90d9c5f651818450a0d3af718609 \ + --hash=sha256:b0db0cecf396033abb4a93c95d1602f268b3a68bb0a9cc06a7cff587bb9a7292 \ + --hash=sha256:cfee9164954c186b191b91d4193989ca994703b2fff406f71cf454a2d3c7327e \ + --hash=sha256:e6347742ac8f35ded4a46ff835c60e68c22a536a8ae5c4422966d06946b6d4c6 \ + --hash=sha256:f27d93f0139a3c056172ebb5d4f9056e770fdf0206c2f422ff2ebbad142e09ed \ + --hash=sha256:f57b76e46a58b63d1c6375017f4564a28f19a5ca912691fd2e4261b3414b618d +dnspython==1.15.0 \ + --hash=sha256:40f563e1f7a7b80dc5a4e76ad75c23da53d62f1e15e6e517293b04e1f84ead7c \ + --hash=sha256:861e6e58faa730f9845aaaa9c6c832851fbf89382ac52915a51f89c71accdd31 +docker-py==1.10.6 \ + --hash=sha256:35b506e95861914fa5ad57a6707e3217b4082843b883be246190f57013948aba \ + --hash=sha256:4c2a75875764d38d67f87bc7d03f7443a3895704efc57962bdf6500b8d4bc415 +docker-pycreds==0.2.1 \ + --hash=sha256:58d2688f92de5d6f1a6ac4fe25da461232f0e0a4c1212b93b256b046b2d714a9 \ + --hash=sha256:93833a2cf280b7d8abbe1b8121530413250c6cd4ffed2c1cf085f335262f7348 \ + # via docker-py +docopt==0.6.2 \ + --hash=sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491 \ + # via html-linter, template-remover +docutils==0.14 \ + --hash=sha256:02aec4bd92ab067f6ff27a38a38a41173bf01bed8f89157768c1573f53e474a6 \ + --hash=sha256:51e64ef2ebfb29cae1faa133b3710143496eca21c530f3f71424d77687764274 \ + --hash=sha256:7a4bd47eaf6596e1295ecb11361139febe29b084a87bf005bf899f9a42edc3c6 \ + # via botocore, sphinx +dparse==0.4.1 \ + --hash=sha256:00a5fdfa900629e5159bf3600d44905b333f4059a3366f28e0dbd13eeab17b19 \ + --hash=sha256:cef95156fa0adedaf042cd42f9990974bec76f25dfeca4dc01f381a243d5aa5b \ + # via safety +entrypoints==0.3 \ + --hash=sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 \ + --hash=sha256:c70dd71abe5a8c85e55e12c19bd91ccfeec11a6e99044204511f9ed547d48451 \ + # via flake8 +execnet==1.4.1 \ + --hash=sha256:d2b909c7945832e1c19cfacd96e78da68bdadc656440cfc7dfe59b766744eb8c \ + --hash=sha256:f66dd4a7519725a1b7e14ad9ae7d3df8e09b2da88062386e08e941cafc0ef3e6 \ + # via pytest-xdist +fasteners==0.14.1 \ + --hash=sha256:427c76773fe036ddfa41e57d89086ea03111bbac57c55fc55f3006d027107e18 \ + --hash=sha256:564a115ff9698767df401efca29620cbb1a1c2146b7095ebd304b79cc5807a7c \ + # via python-gilt +flake8==3.7.7 \ + --hash=sha256:859996073f341f2670741b51ec1e67a01da142831aa1fdc6242dbf88dffbe661 \ + --hash=sha256:a796a115208f5c03b18f332f7c11729812c8c3ded6c46319c59b53efd3819da8 +future==0.16.0 \ + --hash=sha256:e39ced1ab767b5936646cedba8bcce582398233d6a627067d4c6a454c90cfedb \ + # via cookiecutter +git-url-parse==1.0.2 \ + --hash=sha256:5cec43946d06d1a35e90567473d9ffe929c38ff25fd01a1858331cd0aa265e44 \ + --hash=sha256:75d1cf1e19534678711e1a9293e6fb978461a5f734adf941cd468a802d08bbb2 \ + --hash=sha256:bf0a20c48e8552fea1218b52714be84fa31b0d73c58897e70b765d5e7a26f4cb \ + # via python-gilt +gitdb2==2.0.3 \ + --hash=sha256:b60e29d4533e5e25bb50b7678bbc187c8f6bcff1344b4f293b2ba55c85795f09 \ + --hash=sha256:cf9a4b68e8c4da8d42e48728c944ff7af2d8c9db303ac1ab32eac37aa4194b0e \ + # via gitpython +gitpython==2.1.8 \ + --hash=sha256:ad61bc25deadb535b047684d06f3654c001d9415e1971e51c9c20f5b510076e9 \ + --hash=sha256:b8367c432de995dc330b5b146c5bfdc0926b8496e100fda6692134e00c0dcdc5 \ + # via bandit +html-linter==0.4.0 \ + --hash=sha256:342dad677f2fc810a2562fde0959046ed0d8fa1387bd9e085869e908c1941191 +identify==1.4.7 \ + --hash=sha256:4f1fe9a59df4e80fcb0213086fcf502bc1765a01ea4fe8be48da3b65afd2a017 \ + --hash=sha256:d8919589bd2a5f99c66302fec0ef9027b12ae150b0b0213999ad3f695fc7296e \ + # via pre-commit +idna==2.5 \ + --hash=sha256:3cb5ce08046c4e3a560fc02f138d0ac63e00f8ce5901a56b32ec8b7994082aab \ + --hash=sha256:cc19709fd6d0cbfed39ea875d29ba6d4e22c0cebc510a76d6302a28385e8bb70 \ + # via requests +imagesize==0.7.1 \ + --hash=sha256:0ab2c62b87987e3252f89d30b7cedbec12a01af9274af9ffa48108f2c13c6062 \ + --hash=sha256:6ebdc9e0ad188f9d1b2cdd9bc59cbe42bf931875e829e7a595e6b3abdc05cdfb \ + # via sphinx +importlib-metadata==0.23 \ + --hash=sha256:aa18d7378b00b40847790e7c27e11673d7fed219354109d0e7b9e5b25dc3ad26 \ + --hash=sha256:d5f18a79777f3aa179c145737780282e27b508fc8fd688cb17c7a813e8bd39af \ + # via pre-commit +importlib-resources==1.0.2 \ + --hash=sha256:6e2783b2538bd5a14678284a3962b0660c715e5a0f10243fd5e00a4b5974f50b \ + --hash=sha256:d3279fd0f6f847cced9f7acc19bd3e5df54d34f93a2e7bb5f238f81545787078 \ + # via pre-commit +isort==4.2.15 \ + --hash=sha256:79f46172d3a4e2e53e7016e663cc7a8b538bec525c36675fcfd2767df30b3983 \ + --hash=sha256:cd5d3fc2c16006b567a17193edf4ed9830d9454cbeb5a42ac80b36ea00c23db4 \ + # via pylint +jinja2-time==0.2.0 \ + --hash=sha256:d14eaa4d315e7688daa4969f616f226614350c48730bfa1692d2caebd8c90d40 \ + --hash=sha256:d3eab6605e3ec8b7a0863df09cc1d23714908fa61aa6986a845c20ba488b4efa \ + # via cookiecutter +jinja2==2.10.1 \ + --hash=sha256:065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013 \ + --hash=sha256:14dd6caf1527abb21f08f86c784eac40853ba93edb79552aa1e4b8aef1b61c7b \ + # via ansible, click-completion, cookiecutter, jinja2-time, molecule, sphinx +jmespath==0.9.3 \ + --hash=sha256:6a81d4c9aa62caf061cb517b4d9ad1dd300374cd4706997aff9cd6aedd61fc64 \ + --hash=sha256:f11b4461f425740a1d908e9a3f7365c3d2e569f6ca68a2ff8bc5bcd9676edd63 \ + # via boto3, botocore +lazy-object-proxy==1.3.1 \ + --hash=sha256:0ce34342b419bd8f018e6666bfef729aec3edf62345a53b537a4dcc115746a33 \ + --hash=sha256:1b668120716eb7ee21d8a38815e5eb3bb8211117d9a90b0f8e21722c0758cc39 \ + --hash=sha256:209615b0fe4624d79e50220ce3310ca1a9445fd8e6d3572a896e7f9146bbf019 \ + --hash=sha256:27bf62cb2b1a2068d443ff7097ee33393f8483b570b475db8ebf7e1cba64f088 \ + --hash=sha256:27ea6fd1c02dcc78172a82fc37fcc0992a94e4cecf53cb6d73f11749825bd98b \ + --hash=sha256:2c1b21b44ac9beb0fc848d3993924147ba45c4ebc24be19825e57aabbe74a99e \ + --hash=sha256:2df72ab12046a3496a92476020a1a0abf78b2a7db9ff4dc2036b8dd980203ae6 \ + --hash=sha256:320ffd3de9699d3892048baee45ebfbbf9388a7d65d832d7e580243ade426d2b \ + --hash=sha256:50e3b9a464d5d08cc5227413db0d1c4707b6172e4d4d915c1c70e4de0bbff1f5 \ + --hash=sha256:5276db7ff62bb7b52f77f1f51ed58850e315154249aceb42e7f4c611f0f847ff \ + --hash=sha256:61a6cf00dcb1a7f0c773ed4acc509cb636af2d6337a08f362413c76b2b47a8dd \ + --hash=sha256:6ae6c4cb59f199d8827c5a07546b2ab7e85d262acaccaacd49b62f53f7c456f7 \ + --hash=sha256:7661d401d60d8bf15bb5da39e4dd72f5d764c5aff5a86ef52a042506e3e970ff \ + --hash=sha256:7bd527f36a605c914efca5d3d014170b2cb184723e423d26b1fb2fd9108e264d \ + --hash=sha256:7cb54db3535c8686ea12e9535eb087d32421184eacc6939ef15ef50f83a5e7e2 \ + --hash=sha256:7f3a2d740291f7f2c111d86a1c4851b70fb000a6c8883a59660d95ad57b9df35 \ + --hash=sha256:81304b7d8e9c824d058087dcb89144842c8e0dea6d281c031f59f0acf66963d4 \ + --hash=sha256:933947e8b4fbe617a51528b09851685138b49d511af0b6c0da2539115d6d4514 \ + --hash=sha256:94223d7f060301b3a8c09c9b3bc3294b56b2188e7d8179c762a1cda72c979252 \ + --hash=sha256:ab3ca49afcb47058393b0122428358d2fbe0408cf99f1b58b295cfeb4ed39109 \ + --hash=sha256:bd6292f565ca46dee4e737ebcc20742e3b5be2b01556dafe169f6c65d088875f \ + --hash=sha256:cb924aa3e4a3fb644d0c463cad5bc2572649a6a3f68a7f8e4fbe44aaa6d77e4c \ + --hash=sha256:d0fc7a286feac9077ec52a927fc9fe8fe2fabab95426722be4c953c9a8bede92 \ + --hash=sha256:ddc34786490a6e4ec0a855d401034cbd1242ef186c20d79d2166d6a4bd449577 \ + --hash=sha256:e34b155e36fa9da7e1b7c738ed7767fc9491a62ec6af70fe9da4a057759edc2d \ + --hash=sha256:e5b9e8f6bda48460b7b143c3821b21b452cb3a835e6bbd5dd33aa0c8d3f5137d \ + --hash=sha256:e81ebf6c5ee9684be8f2c87563880f93eedd56dd2b6146d8a725b50b7e5adb0f \ + --hash=sha256:eb91be369f945f10d3a49f5f9be8b3d0b93a4c2be8f8a5b83b0571b8123e0a7a \ + --hash=sha256:f460d1ceb0e4a5dcb2a652db0904224f367c9b3c1470d5a7683c0480e582468b \ + # via astroid +livereload==2.5.1 \ + --hash=sha256:422de10d7ea9467a1ba27cbaffa84c74b809d96fb1598d9de4b9b676adf35e2c \ + --hash=sha256:5ed6506f5d526ee712da9f3739c27714e6f3376f3e481728d298efceae0ec83a \ + # via sphinx-autobuild +markupsafe==1.0 \ + --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ + # via jinja2 +mccabe==0.6.1 \ + --hash=sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42 \ + --hash=sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f \ + # via flake8, pylint +molecule==2.22 \ + --hash=sha256:12fa4231ed69c6e7f50432588eaace36cea917a8c73c1751269ce55df32ced24 \ + --hash=sha256:d9d7621167041ae2a8eb19f1f8dc23c071cdab2cd3ca80655e2c8796b4c00e09 +monotonic==1.4 \ + --hash=sha256:0bcd2b14e3b7ee7cfde796e408176ceffa01d89646f2e532964ef2aae0c9fa3e \ + --hash=sha256:a02611d5b518cd4051bf22d21bd0ae55b3a03f2d2993a19b6c90d9d168691f84 \ + # via fasteners +more-itertools==7.2.0 \ + --hash=sha256:409cd48d4db7052af495b09dec721011634af3753ae1ef92d2b32f73a745f832 \ + --hash=sha256:92b8c4b06dac4f0611c0729b2f2ede52b2e1bac1ab48f089c7ddc12e26bb60c4 \ + # via zipp +mypy-extensions==0.4.1 \ + --hash=sha256:37e0e956f41369209a3d5f34580150bcacfabaa57b33a15c0b25f4b5725e0812 \ + --hash=sha256:b16cabe759f55e3409a7d231ebd2841378fb0c27a5d1994719e340e4f429ac3e \ + # via mypy +mypy==0.701 \ + --hash=sha256:2afe51527b1f6cdc4a5f34fc90473109b22bf7f21086ba3e9451857cf11489e6 \ + --hash=sha256:56a16df3e0abb145d8accd5dbb70eba6c4bd26e2f89042b491faa78c9635d1e2 \ + --hash=sha256:5764f10d27b2e93c84f70af5778941b8f4aa1379b2430f85c827e0f5464e8714 \ + --hash=sha256:5bbc86374f04a3aa817622f98e40375ccb28c4836f36b66706cf3c6ccce86eda \ + --hash=sha256:6a9343089f6377e71e20ca734cd8e7ac25d36478a9df580efabfe9059819bf82 \ + --hash=sha256:6c9851bc4a23dc1d854d3f5dfd5f20a016f8da86bcdbb42687879bb5f86434b0 \ + --hash=sha256:b8e85956af3fcf043d6f87c91cbe8705073fc67029ba6e22d3468bfee42c4823 \ + --hash=sha256:b9a0af8fae490306bc112229000aa0c2ccc837b49d29a5c42e088c132a2334dd \ + --hash=sha256:bbf643528e2a55df2c1587008d6e3bda5c0445f1240dfa85129af22ae16d7a9a \ + --hash=sha256:c46ab3438bd21511db0f2c612d89d8344154c0c9494afc7fbc932de514cf8d15 \ + --hash=sha256:f7a83d6bd805855ef83ec605eb01ab4fa42bcef254b13631e451cbb44914a9b0 +netaddr==0.7.19 \ + --hash=sha256:38aeec7cdd035081d3a4c306394b19d677623bf76fa0913f6695127c7753aefd \ + --hash=sha256:56b3558bd71f3f6999e4c52e349f38660e54a7a8a9943335f73dfc96883e08ca +nodeenv==1.3.3 \ + --hash=sha256:ad8259494cf1c9034539f6cced78a1da4840a4b157e23640bc4a0c0546b0cb7a \ + # via pre-commit +packaging==16.8 \ + --hash=sha256:5d50835fdf0a7edf0b55e311b7c887786504efea1177abd7e69329a8e5ea619e \ + --hash=sha256:99276dc6e3a7851f32027a68f1095cd3f77c148091b092ea867a351811cfe388 \ + # via dparse, safety +paramiko==2.6.0 \ + --hash=sha256:99f0179bdc176281d21961a003ffdb2ec369daac1a1007241f53374e376576cf \ + --hash=sha256:f4b2edfa0d226b70bd4ca31ea7e389325990283da23465d572ed1f70a7583041 \ + # via ansible, molecule +pathspec==0.5.5 \ + --hash=sha256:72c495d1bbe76674219e307f6d1c6062f2e1b0b483a5e4886435127d0df3d0d3 \ + # via yamllint +pathtools==0.1.2 \ + --hash=sha256:7c35c5421a39bb82e58018febd90e3b6e5db34c5443aaaf742b3f33d4655f1c0 \ + # via sphinx-autobuild, watchdog +pbr==5.1.1 \ + --hash=sha256:f59d71442f9ece3dffc17bc36575768e1ee9967756e6b6535f0ee1f0054c3d68 \ + --hash=sha256:f6d5b23f226a2ba58e14e49aa3b1bfaf814d0199144b95d78458212444de1387 \ + # via git-url-parse, python-gilt, stevedore +pexpect==4.6.0 \ + --hash=sha256:2a8e88259839571d1251d278476f3eec5db26deb73a70be5ed5dc5435e418aba \ + --hash=sha256:3fbd41d4caf27fa4a377bfd16fef87271099463e6fa73e92a52f92dfee5d425b \ + # via molecule +pip-tools==4.0.0 \ + --hash=sha256:3b9fb8948340eff5869ac83dc85e3a7c62b837cec33609c45c48c2e5aa740ba5 \ + --hash=sha256:44469037863c3587b4c565caf258e2c752d4235c508cf8410a69164bb65ffc78 +port_for==0.3.1 \ + --hash=sha256:b16a84bb29c2954db44c29be38b17c659c9c27e33918dec16b90d375cc596f1c \ + # via sphinx-autobuild +poyo==0.4.1 \ + --hash=sha256:103b4ee3e1c7765098fe1cabe43f828db2e2a6079646561a2117e1a809f352d6 \ + --hash=sha256:230ec11c2f35a23410c1f0e474f09fa4e203686f40ab3adca7b039c845d8c325 \ + # via cookiecutter +pre-commit==1.18.3 \ + --hash=sha256:1d3c0587bda7c4e537a46c27f2c84aa006acc18facf9970bf947df596ce91f3f \ + --hash=sha256:fa78ff96e8e9ac94c748388597693f18b041a181c94a4f039ad20f45287ba44a \ + # via molecule +prompt-toolkit==2.0.9 \ + --hash=sha256:11adf3389a996a6d45cc277580d0d53e8a5afd281d0c9ec71b28e6f121463780 \ + --hash=sha256:2519ad1d8038fd5fc8e770362237ad0364d16a7650fb5724af6997ed5515e3c1 \ + --hash=sha256:977c6583ae813a37dc1c2e1b715892461fcbdaa57f6fc62f33a528c4886c8f55 +psutil==5.4.6 \ + --hash=sha256:0ff2b16e9045d01edb1dd10d7fbcc184012e37f6cd38029e959f2be9c6223f50 \ + --hash=sha256:254adb6a27c888f141d2a6032ae231d8ed4fc5f7583b4c825e5f7d7c78d26d2e \ + --hash=sha256:319e12f6bae4d4d988fbff3bed792953fa3b44c791f085b0a1a230f755671ef7 \ + --hash=sha256:529ae235896efb99a6f77653a7138273ab701ec9f0343a1f5030945108dee3c4 \ + --hash=sha256:686e5a35fe4c0acc25f3466c32e716f2d498aaae7b7edc03e2305b682226bcf6 \ + --hash=sha256:6d981b4d863b20c8ceed98b8ac3d1ca7f96d28707a80845d360fa69c8fc2c44b \ + --hash=sha256:7789885a72aa3075d28d028236eb3f2b84d908f81d38ad41769a6ddc2fd81b7c \ + --hash=sha256:7f4616bcb44a6afda930cfc40215e5e9fa7c6896e683b287c771c937712fbe2f \ + --hash=sha256:7fdb3d02bfd68f508e6745021311a4a4dbfec53fca03721474e985f310e249ba \ + --hash=sha256:a9b85b335b40a528a8e2a6b549592138de8429c6296e7361892958956e6a73cf \ + --hash=sha256:dc85fad15ef98103ecc047a0d81b55bbf5fe1b03313b96e883acc2e2fa87ed5c \ + # via molecule +ptyprocess==0.5.2 \ + --hash=sha256:e64193f0047ad603b71f202332ab5527c5e52aa7c8b609704fc28c0dc20c4365 \ + --hash=sha256:e8c43b5eee76b2083a9badde89fd1bbce6c8942d1045146e100b7b5e014f4f1a \ + # via pexpect +py==1.4.34 \ + --hash=sha256:0f2d585d22050e90c7d293b6451c83db097df77871974d90efd5a30dc12fcde3 \ + --hash=sha256:2ccb79b01769d99115aa600d7eed99f524bf752bba8f041dc1c184853514655a \ + # via pytest +pycodestyle==2.5.0 \ + --hash=sha256:95a2219d12372f05704562a14ec30bc76b05a5b297b21a5dfe3f6fac3491ae56 \ + --hash=sha256:e40a936c9a450ad81df37f549d676d127b1b66000a6c500caa2b085bc0ca976c \ + # via flake8 +pycparser==2.18 \ + --hash=sha256:99a8ca03e29851d96616ad0404b4aad7d9ee16f25c9f9708a11faf2810f7b226 \ + # via cffi +pyenchant==2.0.0 \ + --hash=sha256:b9526fc2c5f1ba0637e50200b645a7c20fb6644dbc6f6322027e7d2fbf1084a5 \ + --hash=sha256:e8000144e61551fcab9cd1b6fdccdded20e577e8d6d0985533f0b2b9c38fd952 \ + --hash=sha256:fc31cda72ace001da8fe5d42f11c26e514a91fa8c70468739216ddd8de64e2a0 +pyflakes==2.1.1 \ + --hash=sha256:17dbeb2e3f4d772725c777fabc446d5634d1038f234e77343108ce445ea69ce0 \ + --hash=sha256:d976835886f8c5b31d47970ed689944a0262b5f3afa00a5a7b4dc81e5449f8a2 \ + # via flake8 +pygments==2.2.0 \ + --hash=sha256:78f3f434bcc5d6ee09020f92ba487f95ba50f1e3ef83ae96b9d5ffa1bab25c5d \ + --hash=sha256:dbae1046def0efb574852fab9e90209b23f556367b5a320c0bcb871c77c3e8cc \ + # via sphinx +pylint==1.8.1 \ + --hash=sha256:3035e44e37cd09919e9edad5573af01d7c6b9c52a0ebb4781185ae7ab690458b \ + --hash=sha256:c8e59da0f2f9990eb00aad1c1de16cd7809315842ebccc3f65ca9df46213df3b +pynacl==1.1.2 \ + --hash=sha256:123c41df1db119397f2e26e9c63ca2ea853d3663e26b1c389bd3859dc1b7178a \ + --hash=sha256:1b4938a557b32e5c6b27fac79a94cf1abb70753b5462a0b577bd2a77e09dacd0 \ + --hash=sha256:301c966c1e17950e50d174ab4b2e7ef3e98ff51ad7a591152a19fe2139281eed \ + --hash=sha256:32f52b754abf07c319c04ce16905109cab44b0e7f7c79497431d3b2000f8af8c \ + --hash=sha256:3fd984580cbea8e02fc531aa32ab9487b72c30127f9e4c8db9ba3fe8950ecc93 \ + --hash=sha256:4a3be9f884df08087996516707446ba55648bbefae8428bf578fa05f20fa2ed9 \ + --hash=sha256:4c15d7cea1a313fff3f68222e682ee1f855e43c0865081cad7385066a6b57d75 \ + --hash=sha256:4d21d733a63637ddf41d0cab50135ec9f5224dd22fd10ebf5c5f5f946b833f84 \ + --hash=sha256:506bc2591968a1a7b6577075bc29a591d8fff5bdfec03b0dd926f34b75b670e5 \ + --hash=sha256:5172395dea8203ae124fd282fef3d242aa75366d66aebc0f5aab0c4753eed97b \ + --hash=sha256:53d83faf274813a5778bba1cd4cb96b79f39e44a63b1c4a4dada01a2b0eeafe8 \ + --hash=sha256:57314a7bad4bd39501dc622942f9921923673e52e126b0fc4f0214b5d25d619a \ + --hash=sha256:67b75a950dbc4025bfa549c183baa17db4096955912f385df31830e5a2121974 \ + --hash=sha256:75a427377b2088c29a44db08c796c75a9cde2f9725dd041903cfbc0f6034895c \ + --hash=sha256:7d14f18f8bc43977691276097524b9713d21b9635fea9791311261a66e4fe296 \ + --hash=sha256:813d4170f62d68236bb041cf731e8d1f34fc1006a5e5d81139bead6ddaa9d169 \ + --hash=sha256:877879903cddb5da317fe86d923f65eb28c62fd7feb79cd3402d166e401f9423 \ + --hash=sha256:9532aaa446840ece574c719ad3bbf25f60ca9871f48b5446e3f73e8b498e2398 \ + --hash=sha256:9558ef5c1ae45322c054d1d1151016e0463b4da8b5c746a675e99c5c7d8f4faa \ + --hash=sha256:99f91eb80b85fe16f70d362cfeae8eeeb108cd09a85f039fdab02164762f764b \ + --hash=sha256:b796d95704b674100bd99fc42bbde9f8f2ccddae8599a4d4bbcb518428dfbfed \ + --hash=sha256:c4ea0e3b9f3317ada56e12c7b37f6d0316900ae8b54a20d7b100d4e14350ac87 \ + --hash=sha256:c93d151efcdd7d214b1b11d781c9f1b125f0208cd06d9762bddabdfeac1cedfc \ + --hash=sha256:ca2deb968135f1400105ca902f5cef24ba6984b6a4904756498afcb9077c76f9 \ + --hash=sha256:ceb16b7977123713ad898450ca86a2dc6706a17fe4cf278ffb6b76929c186550 \ + --hash=sha256:dfc85c2b414dee700e32764559d560063825ec1470d3ee6c973e43c80a622e56 \ + --hash=sha256:f01405a5c453b866e35338c53882f7ba7069c1f4e4045ce67513ad45c796f8a5 \ + --hash=sha256:ffb74ac578b3b80b1d2d5a23a6dd7b1d6682e5fce6a7b3d21b46b180a5546055 \ + # via paramiko +pyparsing==2.2.0 \ + --hash=sha256:0832bcf47acd283788593e7a0f542407bd9550a55a8a8435214a1960e04bcb04 \ + --hash=sha256:fee43f17a9c4087e7ed1605bd6df994c6173c1e977d7ade7b651292fab2bd010 \ + # via packaging +pytest-xdist==1.18.2 \ + --hash=sha256:10468377901b80255cf192c4603a94ffe8b1f071f5c912868da5f5cb91170dae +pytest==3.2.0 \ + --hash=sha256:0225cf10b9e173f84729d5f4648211458a222c6e53a77a85e104bc5f31c244ee \ + --hash=sha256:d994b4f28c6d449a467ad3d336544945a0dcf350e3b7b301219547ef5aa8125e \ + # via pytest-xdist, testinfra +python-dateutil==2.6.1 \ + --hash=sha256:891c38b2a02f5bb1be3e4793866c8df49c7d19baabf9c1bad62547e0b4866aca \ + --hash=sha256:95511bae634d69bc7329ba55e646499a842bc4ec342ad54a8cdb65645a0aad3c \ + # via arrow, botocore +python-gilt==1.2.1 \ + --hash=sha256:4fd58c128635d1f4a8c93305e648f23379ce56e23624e4c5479427fcd2d5656e \ + --hash=sha256:c7321ef1a8efddbdef657b4fd21c3eaf1b4cb24a9656d97b73a444b1feb2067a \ + --hash=sha256:e23a45a6905e6bb7aec3ff7652b48309933a6991fad4546d9e793ac7e0513f8a \ + # via molecule +python-vagrant==0.5.15 \ + --hash=sha256:af9a8a9802d382d45dbea96aa3cfbe77c6e6ad65b3fe7b7c799d41ab988179c6 +pytz==2017.2 \ + --hash=sha256:d1d6729c85acea5423671382868627129432fba9a89ecbb248d8d1c7a9f01c67 \ + --hash=sha256:f5c056e8f62d45ba8215e5cb8f50dfccb198b4b9fbea8500674f3443e4689589 \ + # via babel +pyyaml==5.1.2 \ + --hash=sha256:0113bc0ec2ad727182326b61326afa3d1d8280ae1122493553fd6f4397f33df9 \ + --hash=sha256:01adf0b6c6f61bd11af6e10ca52b7d4057dd0be0343eb9283c878cf3af56aee4 \ + --hash=sha256:5124373960b0b3f4aa7df1707e63e9f109b5263eca5976c66e08b1c552d4eaf8 \ + --hash=sha256:5ca4f10adbddae56d824b2c09668e91219bb178a1eee1faa56af6f99f11bf696 \ + --hash=sha256:7907be34ffa3c5a32b60b95f4d95ea25361c951383a894fec31be7252b2b6f34 \ + --hash=sha256:7ec9b2a4ed5cad025c2278a1e6a19c011c80a3caaac804fd2d329e9cc2c287c9 \ + --hash=sha256:87ae4c829bb25b9fe99cf71fbb2140c448f534e24c998cc60f39ae4f94396a73 \ + --hash=sha256:9de9919becc9cc2ff03637872a440195ac4241c80536632fffeb6a1e25a74299 \ + --hash=sha256:a5a85b10e450c66b49f98846937e8cfca1db3127a9d5d1e31ca45c3d0bef4c5b \ + --hash=sha256:b0997827b4f6a7c286c01c5f60384d218dca4ed7d9efa945c3e1aa623d5709ae \ + --hash=sha256:b631ef96d3222e62861443cc89d6563ba3eeb816eeb96b2629345ab795e53681 \ + --hash=sha256:bf47c0607522fdbca6c9e817a6e81b08491de50f3766a7a0e6a5be7905961b41 \ + --hash=sha256:f81025eddd0327c7d4cfe9b62cf33190e1e736cc6e97502b3ec425f574b3e7a8 +requests==2.22.0 \ + --hash=sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4 \ + --hash=sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31 \ + # via cookiecutter, docker-py, safety, sphinx +ruamel.yaml==0.15.97 \ + --hash=sha256:17dbf6b7362e7aee8494f7a0f5cffd44902a6331fe89ef0853b855a7930ab845 \ + --hash=sha256:23731c9efb79f3f5609dedffeb6c5c47a68125fd3d4b157d9fc71b1cd49076a9 \ + --hash=sha256:2bbdd598ae57bac20968cf9028cc67d37d83bdb7942a94b9478110bc72193148 \ + --hash=sha256:34586084cdd60845a3e1bece2b58f0a889be25450db8cc0ea143ddf0f40557a2 \ + --hash=sha256:35957fedbb287b01313bb5c556ffdc70c0277c3500213b5e73dfd8716f748d77 \ + --hash=sha256:414cb87a40974a575830b406ffab4ab8c6cbd82eeb73abd2a9d1397c1f0223e1 \ + --hash=sha256:428775be75db68d908b17e4e8dda424c410222f170dc173246aa63e972d094b3 \ + --hash=sha256:514f670f7d36519bda504d507edfe63e3c20489f86c86d42bc4d9a6dbdf82c7b \ + --hash=sha256:5cb962c1ac6887c5da29138fbbe3b4b7705372eb54e599907fa63d4cd743246d \ + --hash=sha256:5f6e30282cf70fb7754e1a5f101e27b5240009766376e131b31ab49f14fe81be \ + --hash=sha256:86f8e010af6af0b4f42de2d0d9b19cb441e61d3416082186f9dd03c8552d13ad \ + --hash=sha256:8d47ed1e557d546bd2dfe54f504d7274274602ff7a0652cde84c258ad6c2d96d \ + --hash=sha256:98668876720bce1ac08562d8b93a564a80e3397e442c7ea19cebdcdf73da7f74 \ + --hash=sha256:9e1f0ddc18d8355dcf5586a5d90417df56074f237812b8682a93b62cca9d2043 \ + --hash=sha256:a7bc812a72a79d6b7dbb96fa5bee3950464b65ec055d3abc4db6572f2373a95c \ + --hash=sha256:b72e13f9f206ee103247b07afd5a39c8b1aa98e8eba80ddba184d030337220ba \ + --hash=sha256:bcff8ea9d916789e85e24beed8830c157fb8bc7c313e554733a8151540e66c01 \ + --hash=sha256:c76e78b3bab652069b8d6f7889b0e72f3455c2b854b2e0a8818393d149ad0a0d \ + # via ansible-lint +s3transfer==0.1.12 \ + --hash=sha256:10891b246296e0049071d56c32953af05cea614dca425a601e4c0be35990121e \ + --hash=sha256:23c156ca4d64b022476c92c44bf938bef71af9ce0dcd8fd6585e7bce52f66e47 \ + # via boto3 +safety==1.8.4 \ + --hash=sha256:399511524f47230d5867f1eb75548f9feefb7a2711a4985cb5be0e034f87040f \ + --hash=sha256:69b970918324865dcd7b92337e07152a0ea1ceecaf92f4d3b38529ee0ca83441 +sh==1.12.14 \ + --hash=sha256:ae3258c5249493cebe73cb4e18253a41ed69262484bad36fdb3efcb8ad8870bb \ + --hash=sha256:b52bf5833ed01c7b5c5fb73a7f71b3d98d48e9b9b8764236237bdc7ecae850fc \ + # via molecule, python-gilt +six==1.11.0 \ + --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9 \ + --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb \ + # via ansible-lint, astroid, bandit, bcrypt, cfgv, click-completion, cryptography, docker-py, docker-pycreds, dparse, fasteners, git-url-parse, livereload, molecule, packaging, pip-tools, pre-commit, prompt-toolkit, pylint, pynacl, python-dateutil, sphinx, stevedore, testinfra, websocket-client +smmap2==2.0.3 \ + --hash=sha256:b78ee0f1f5772d69ff50b1cbdb01b8c6647a8354f02f23b488cf4b2cfc923956 \ + --hash=sha256:c7530db63f15f09f8251094b22091298e82bf6c699a6b8344aaaef3f2e1276c3 \ + # via gitdb2 +snowballstemmer==1.2.1 \ + --hash=sha256:919f26a68b2c17a7634da993d91339e288964f93c274f1343e3bbbe2096e1128 \ + --hash=sha256:9f3bcd3c401c3e862ec0ebe6d2c069ebc012ce142cce209c098ccb5b09136e89 \ + # via sphinx +sphinx-autobuild==0.7.1 \ + --hash=sha256:66388f81884666e3821edbe05dd53a0cfb68093873d17320d0610de8db28c74e \ + --hash=sha256:e60aea0789cab02fa32ee63c7acae5ef41c06f1434d9fd0a74250a61f5994692 +sphinx-rtd-theme==0.2.4 \ + --hash=sha256:2df74b8ff6fae6965c527e97cca6c6c944886aae474b490e17f92adfbe843417 \ + --hash=sha256:62ee4752716e698bad7de8a18906f42d33664128eea06c46b718fc7fbd1a9f5c +sphinx==1.6.3 \ + --hash=sha256:3ea0faf3e152a0e40372d8495c8cbd59e93f89266231c367d8098ec0dfede98f \ + --hash=sha256:af8bdb8c714552b77d01d4536e3d6d2879d6cb9d25423d29163d5788e27046e6 +sphinxcontrib-websupport==1.0.1 \ + --hash=sha256:7a85961326aa3a400cd4ad3c816d70ed6f7c740acd7ce5d78cd0a67825072eb9 \ + --hash=sha256:f4932e95869599b89bf4f80fc3989132d83c9faa5bf633e7b5e0c25dffb75da2 \ + # via sphinx +stevedore==1.28.0 \ + --hash=sha256:e3d96b2c4e882ec0c1ff95eaebf7b575a779fd0ccb4c741b9832bed410d58b3d \ + --hash=sha256:f1c7518e7b160336040fee272174f1f7b29a46febb3632502a8f2055f973d60b \ + # via bandit +tabulate==0.8.3 \ + --hash=sha256:8af07a39377cee1103a5c8b3330a421c2d99b9141e9cc5ddd2e3263fea416943 \ + # via molecule +template-remover==0.1.9 \ + --hash=sha256:480f1ce63f56affac1edb29356afcca1260e8409cd928fcf9438fc149df5ff41 \ + # via html-linter +testinfra==3.2.0 \ + --hash=sha256:16201d64659ec0c2d25f65d6ce1f5367668b7b4eb102450efd4f8983a399d7d0 \ + --hash=sha256:5cebf61fee13c2e83b5e177431e751e243fc779293377c5e0c3b43910bb7e870 +toml==0.10.0 \ + --hash=sha256:229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c \ + --hash=sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e \ + # via pre-commit +tornado==4.5.1 \ + --hash=sha256:0a6894559e62a186d6cc20f1c0e7318f83ae8e28922d75c4b6f83d42cc91d8b1 \ + --hash=sha256:2b4618010625bcf01f187eec3148c6a3db76a2a900f7dde416330fc413274df1 \ + --hash=sha256:c3f4456f0ab9e62dab7ede834dcf4c89082238e97b3e67a9196572c076e716aa \ + --hash=sha256:db0904a28253cfe53e7dedc765c71596f3c53bb8a866ae50123320ec1a7b73fd \ + --hash=sha256:fb0883ae46da958d06fda2e3be6c033825a0b8603c493df8a69c0237055308d9 \ + # via livereload, sphinx-autobuild +tree-format==0.1.2 \ + --hash=sha256:a538523aa78ae7a4b10003b04f3e1b37708e0e089d99c9d3b9e1c71384c9a7f9 \ + --hash=sha256:b5056228dbedde1fb81b79f71fb0c23c98e9d365230df9b29af76e8d8003de11 \ + # via molecule +typed-ast==1.3.5 \ + --hash=sha256:132eae51d6ef3ff4a8c47c393a4ef5ebf0d1aecc96880eb5d6c8ceab7017cc9b \ + --hash=sha256:18141c1484ab8784006c839be8b985cfc82a2e9725837b0ecfa0203f71c4e39d \ + --hash=sha256:2baf617f5bbbfe73fd8846463f5aeafc912b5ee247f410700245d68525ec584a \ + --hash=sha256:3d90063f2cbbe39177e9b4d888e45777012652d6110156845b828908c51ae462 \ + --hash=sha256:4304b2218b842d610aa1a1d87e1dc9559597969acc62ce717ee4dfeaa44d7eee \ + --hash=sha256:4983ede548ffc3541bae49a82675996497348e55bafd1554dc4e4a5d6eda541a \ + --hash=sha256:5315f4509c1476718a4825f45a203b82d7fdf2a6f5f0c8f166435975b1c9f7d4 \ + --hash=sha256:6cdfb1b49d5345f7c2b90d638822d16ba62dc82f7616e9b4caa10b72f3f16649 \ + --hash=sha256:7b325f12635598c604690efd7a0197d0b94b7d7778498e76e0710cd582fd1c7a \ + --hash=sha256:8d3b0e3b8626615826f9a626548057c5275a9733512b137984a68ba1598d3d2f \ + --hash=sha256:8f8631160c79f53081bd23446525db0bc4c5616f78d04021e6e434b286493fd7 \ + --hash=sha256:912de10965f3dc89da23936f1cc4ed60764f712e5fa603a09dd904f88c996760 \ + --hash=sha256:b010c07b975fe853c65d7bbe9d4ac62f1c69086750a574f6292597763781ba18 \ + --hash=sha256:c908c10505904c48081a5415a1e295d8403e353e0c14c42b6d67f8f97fae6616 \ + --hash=sha256:c94dd3807c0c0610f7c76f078119f4ea48235a953512752b9175f9f98f5ae2bd \ + --hash=sha256:ce65dee7594a84c466e79d7fb7d3303e7295d16a83c22c7c4037071b059e2c21 \ + --hash=sha256:eaa9cfcb221a8a4c2889be6f93da141ac777eb8819f077e1d09fb12d00a09a93 \ + --hash=sha256:f3376bc31bad66d46d44b4e6522c5c21976bf9bca4ef5987bb2bf727f4506cbb \ + --hash=sha256:f9202fa138544e13a4ec1a6792c35834250a85958fde1251b6a22e07d1260ae7 \ + # via mypy +urllib3==1.25.3 \ + --hash=sha256:b246607a25ac80bedac05c6f282e3cdaf3afb65420fd024ac94435cabe6e18d1 \ + --hash=sha256:dbe59173209418ae49d485b87d1681aefa36252ee85884c31346debd19463232 +virtualenv==16.7.5 \ + --hash=sha256:680af46846662bb38c5504b78bad9ed9e4f3ba2d54f54ba42494fdf94337fe30 \ + --hash=sha256:f78d81b62d3147396ac33fc9d77579ddc42cc2a98dd9ea38886f616b33bc7fb2 \ + # via pre-commit +watchdog==0.8.3 \ + --hash=sha256:7e65882adb7746039b6f3876ee174952f8eaaa34491ba34333ddf1fe35de4162 \ + # via sphinx-autobuild +wcwidth==0.1.7 \ + --hash=sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e \ + --hash=sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c \ + # via prompt-toolkit +websocket-client==0.44.0 \ + --hash=sha256:15f585566e2ea7459136a632b9785aa081093064391878a448c382415e948d72 \ + --hash=sha256:91222bb3a22ba989ac87eec9121655f295dcb746b6207c5576ffa549ab69302c \ + # via docker-py +whichcraft==0.4.1 \ + --hash=sha256:9e0d51c9387cb7e9f28b7edb549e6a03da758f7784f991eb4397d7f7808c57fd \ + --hash=sha256:cd0e10b58960ab877d9f273cd28788730936c3cdaceec2dafad97c7cf3067d46 \ + # via cookiecutter +wrapt==1.10.11 \ + --hash=sha256:d4d560d479f2c21e1b5443bbd15fe7ec4b37fe7e53d335d3b9b0a7b1226fe3c6 \ + # via astroid +yamllint==1.17.0 \ + --hash=sha256:67173339f28868260ce5912abfefa10e115ceb1d2ac1c4d8c7acc8c4ef6c9a8a \ + --hash=sha256:70a6f8316851254e197a6231c35577be29fa2fbe2c77390a54c9a50217cdaa13 +zipp==0.6.0 \ + --hash=sha256:3718b1cbcd963c7d4c5511a8240812904164b7f381b647143a89d3b98f9bcd8e \ + --hash=sha256:f06903e9f1f43b12d371004b4ac7b06ab39a44adc747266928ae6debfa7b3335 \ + # via importlib-metadata -# The following packages are considered to be unsafe in a requirements file: +# WARNING: The following packages were not pinned, but pip requires them to be +# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. # pip==19.2.3 # via safety # setuptools==41.2.0 # via ansible, pytest, sphinx From aacaed7803598a2316c3a63b00a2cc0eccc5853a Mon Sep 17 00:00:00 2001 From: mickael e Date: Wed, 25 Sep 2019 14:02:18 -0400 Subject: [PATCH 09/10] Bump ansible to 2.6.19 Resolves CVE-2019-10206 --- admin/requirements.txt | 4 ++-- .../ansible-base/callback_plugins/ansible_version_check.py | 2 +- securedrop/requirements/python3/develop-requirements.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/admin/requirements.txt b/admin/requirements.txt index 586d534892..73035d1a37 100644 --- a/admin/requirements.txt +++ b/admin/requirements.txt @@ -4,8 +4,8 @@ # # pip-compile --generate-hashes --output-file=requirements.txt requirements-ansible.in requirements.in # -ansible==2.6.18 \ - --hash=sha256:588e4d85ec21cddf959a66cbe62bbfcff6236a1cd44b1264b14a19d34b8dffdf +ansible==2.6.19 \ + --hash=sha256:dbcfc9ddf620d05e1147b4c713738045a67c32be7260b11cbdbd84e92b77ca06 asn1crypto==0.24.0 \ --hash=sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87 \ --hash=sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49 \ diff --git a/install_files/ansible-base/callback_plugins/ansible_version_check.py b/install_files/ansible-base/callback_plugins/ansible_version_check.py index 1f69507a8b..50d7d3cd45 100644 --- a/install_files/ansible-base/callback_plugins/ansible_version_check.py +++ b/install_files/ansible-base/callback_plugins/ansible_version_check.py @@ -21,7 +21,7 @@ class CallbackModule(CallbackBase): def __init__(self): # Can't use `on_X` because this isn't forwards compatible # with Ansible 2.0+ - required_version = '2.6.18' # Keep synchronized with requirements files + required_version = '2.6.19' # Keep synchronized with requirements files if not ansible.__version__.startswith(required_version): print_red_bold( "SecureDrop restriction: only Ansible {version}.*" diff --git a/securedrop/requirements/python3/develop-requirements.txt b/securedrop/requirements/python3/develop-requirements.txt index fea59b0d99..e07ed78942 100644 --- a/securedrop/requirements/python3/develop-requirements.txt +++ b/securedrop/requirements/python3/develop-requirements.txt @@ -12,8 +12,8 @@ ansible-lint==4.1.0 \ --hash=sha256:9430ea6e654ba4bf5b9c6921efc040f46cda9c4fd2896a99ff71d21037bcb123 \ --hash=sha256:c1b442b01091eca13ef11d98c3376e9489ba5b69a8467828ca86044f384bc0a1 \ # via molecule -ansible==2.6.18 \ - --hash=sha256:588e4d85ec21cddf959a66cbe62bbfcff6236a1cd44b1264b14a19d34b8dffdf +ansible==2.6.19 \ + --hash=sha256:dbcfc9ddf620d05e1147b4c713738045a67c32be7260b11cbdbd84e92b77ca06 anyconfig==0.9.7 \ --hash=sha256:4d6016ae6eecc5e502bc7e99ae0639c5710c5c67bde5f21b06b9eaafd9ce0e7e \ # via molecule From 34e69e45e3d7fcd8116990b2951b24c15abb35a7 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Fri, 27 Sep 2019 12:47:28 -0700 Subject: [PATCH 10/10] Clarifications on diff review in PR template During review of #4865, I misinterpreted the new checkboxes as a sequential list, rather than an either/or choice. Adding a small clarification to prevent future misunderstandings. =) --- .github/PULL_REQUEST_TEMPLATE.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 1e6a9369aa..459466e213 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -44,5 +44,7 @@ Any special considerations for deployment? Consider both: ### If you added or updated a code dependency: +Choose one of the following: + - [ ] I have performed a diff review and pasted the contents to [the packaging wiki](https://github.com/freedomofpress/securedrop-debian-packaging/wiki) - [ ] I would like someone else to do the diff review