From fd5befee38b352cf64b8d18e488751f69f97818b Mon Sep 17 00:00:00 2001
From: Maxime Beauchemin
Date: Tue, 28 May 2019 21:03:49 -0700
Subject: [PATCH] Bump python libs, address insecure releases (#7550)

* Bump python libs, address insecure releases
Using https://requires.io/github/mistercrunch/superset/requirements/?branch=apache_release_improv to identify insecure, old releases we're using and bumping.
* redis <3.0
* fix new flakes
---
 requirements-dev.txt | 16 ++++++++--------
 requirements.txt | 14 ++++++--------
 setup.py | 7 +++----
 superset/cli.py | 2 +-
 superset/views/core.py | 8 ++++----
 tests/db_engine_specs_test.py | 2 +-
 tests/viz_tests.py | 8 ++++----
 7 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/requirements-dev.txt b/requirements-dev.txt
index 4b08ec4e43a54..7059084678669 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -16,22 +16,22 @@
 #
 coverage==4.5.3
 flake8-commas==2.0.0
-flake8-import-order==0.18
+flake8-import-order==0.18.1
 flake8-mypy==17.8.0
-flake8-quotes==1.0.0
-flake8==3.6.0
-flask-cors==3.0.6
-ipdb==0.11
+flake8-quotes==2.0.1
+flake8==3.7.7
+flask-cors==3.0.7
+ipdb==0.12
 mypy==0.670
 mysqlclient==1.4.2.post1
 nose==1.3.7
-pip-tools==3.5.0
+pip-tools==3.7.0
 psycopg2-binary==2.7.5
-pycodestyle==2.4.0
+pycodestyle==2.5.0
 pyhive==0.6.1
 pylint==1.9.2
 python-dotenv==0.10.1
 redis==2.10.6
 statsd==3.3.0
 thrift==0.11.0
-tox==3.5.3
+tox==3.11.1
diff --git a/requirements.txt b/requirements.txt
index 33c6441acc6d6..3b88de6103643 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,9 +2,8 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-# pip-compile --output-file requirements.txt setup.py
+# pip-compile --output-file=requirements.txt setup.py
 #
-
 alembic==1.0.0 # via flask-migrate
 amqp==2.3.2 # via kombu
 apispec[yaml]==1.2.0 # via flask-appbuilder
@@ -42,7 +41,7 @@ humanize==0.5.1
 idna==2.6
 isodate==0.6.0
 itsdangerous==0.24 # via flask
-jinja2==2.10 # via flask, flask-babel
+jinja2==2.10.1 # via flask, flask-babel
 jsonschema==3.0.1 # via flask-appbuilder
 kombu==4.2.1 # via celery
 mako==1.0.7 # via alembic
@@ -68,17 +67,16 @@ python-editor==1.0.3 # via alembic
 python-geohash==0.8.5
 python3-openid==3.1.0 # via flask-openid
 pytz==2018.5 # via babel, celery, pandas
-pyyaml==3.13
-requests==2.20.0
+pyyaml==5.1
+requests==2.22.0
 retry==0.9.2
 selenium==3.141.0
 simplejson==3.15.0
 six==1.11.0 # via bleach, cryptography, flask-jwt-extended, flask-talisman, isodate, jsonschema, pathlib2, polyline, prison, pydruid, pyrsistent, python-dateutil, sqlalchemy-utils, wtforms-json
-sqlalchemy-utils==0.32.21
+sqlalchemy-utils==0.33.11
 sqlalchemy==1.3.1
 sqlparse==0.2.4
-unicodecsv==0.14.1
-urllib3==1.22 # via requests, selenium
+urllib3==1.24.3 # via requests, selenium
 vine==1.1.4 # via amqp
 webencodings==0.5.1 # via bleach
 werkzeug==0.14.1 # via flask, flask-jwt-extended
diff --git a/setup.py b/setup.py
index 6fc74880b4784..fc91ea484d59c 100644
--- a/setup.py
+++ b/setup.py
@@ -97,15 +97,14 @@ def get_git_sha():
 'python-dateutil',
 'python-dotenv',
 'python-geohash',
- 'pyyaml>=3.13',
- 'requests>=2.20.0',
+ 'pyyaml>=5.1',
+ 'requests>=2.22.0',
 'retry>=0.9.2',
 'selenium>=3.141.0',
 'simplejson>=3.15.0',
 'sqlalchemy>=1.3.1,<2.0',
- 'sqlalchemy-utils',
+ 'sqlalchemy-utils>=0.33.2',
 'sqlparse',
- 'unicodecsv',
 'wtforms-json',
 ],
 extras_require={
diff --git a/superset/cli.py b/superset/cli.py
index edb0102400571..6691b0148f8f0 100755
--- a/superset/cli.py
+++ b/superset/cli.py
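Review bot: Raising the floor to `'pyyaml>=5.1'` in the setup.py hunk changes what `yaml.load()` does when it is called without an explicit `Loader=` (5.1 warns and picks a default loader), and no hunk in this patch touches a YAML call site. It is worth confirming that every caller parsing configuration or uploaded content uses `yaml.safe_load(...)`, because the version bump alone does not make parsing untrusted YAML safe. The same hunk drops `'unicodecsv'` from the dependency list with no visible change removing its imports, so a leftover `import unicodecsv` would fail on a clean install; presumably that was cleaned up earlier, but it should be checked. The dependency list starts and ends outside the hunk.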
@@ -132,7 +132,7 @@ def load_examples(load_test_data): @click.option('--datasource', '-d', help='Specify which datasource name to load, if ' 'omitted, all datasources will be refreshed') @click.option('--merge', '-m', is_flag=True, default=False, - help='Specify using \'merge\' property during operation. ' + help="Specify using 'merge' property during operation. " 'Default value is False.') def refresh_druid(datasource, merge): """Refresh druid datasources""" diff --git a/superset/views/core.py b/superset/views/core.py index 0a6ddefa18e04..d8a3692c24404 100755 --- a/superset/views/core.py +++ b/superset/views/core.py @@ -1340,12 +1340,12 @@ def explore(self, datasource_type=None, datasource_id=None): if action == 'overwrite' and not slice_overwrite_perm: return json_error_response( - _('You don\'t have the rights to ') + _('alter this ') + _('chart'), + _("You don't have the rights to ") + _('alter this ') + _('chart'), status=400) if action == 'saveas' and not slice_add_perm: return json_error_response( - _('You don\'t have the rights to ') + _('create a ') + _('chart'), + _("You don't have the rights to ") + _('create a ') + _('chart'), status=400) if action in ('saveas', 'overwrite'): @@ -1452,7 +1452,7 @@ def save_or_overwrite_slice( dash_overwrite_perm = check_ownership(dash, raise_if_false=False) if not dash_overwrite_perm: return json_error_response( - _('You don\'t have the rights to ') + _('alter this ') + + _("You don't have the rights to ") + _('alter this ') + _('dashboard'), status=400) @@ -1466,7 +1466,7 @@ def save_or_overwrite_slice( dash_add_perm = security_manager.can_access('can_add', 'DashboardModelView') if not dash_add_perm: return json_error_response( - _('You don\'t have the rights to ') + _('create a ') + _('dashboard'), + _("You don't have the rights to ") + _('create a ') + _('dashboard'), status=400) dash = models.Dashboard( 
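Review bot: The permission-denied branches in `explore` (`if action == 'overwrite' and not slice_overwrite_perm:` and the `saveas` case) answer with `status=400`, which reports an authorization failure as a malformed request; the two dashboard checks in `save_or_overwrite_slice` do the same. Using `status=403)` on each of the four `json_error_response(...)` calls would let clients, access logs and alerting tell a denied action from a bad request. Separately, assembling the message as `_("You don't have the rights to ") + _('alter this ') + _('chart')` hands translators sentence fragments; one translatable string per message would be cleaner. Both functions start and end outside these hunks, so any caller that depends on the 400 is not visible here.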
diff --git a/tests/db_engine_specs_test.py b/tests/db_engine_specs_test.py index e190014e1e909..0372366a2a48e 100644 --- a/tests/db_engine_specs_test.py +++ b/tests/db_engine_specs_test.py @@ -108,7 +108,7 @@ def test_hive_error_msg(self): '{...} errorMessage="Error while compiling statement: FAILED: ' 'SemanticException [Error 10001]: Line 4' ':5 Table not found \'fact_ridesfdslakj\'", statusCode=3, ' - 'sqlState=\'42S02\', errorCode=10001)){...}') + "sqlState='42S02', errorCode=10001)){...}") self.assertEquals(( 'Error while compiling statement: FAILED: ' 'SemanticException [Error 10001]: Line 4:5 ' diff --git a/tests/viz_tests.py b/tests/viz_tests.py index facb8c3a1525d..7c7875dbf7071 100644 --- a/tests/viz_tests.py +++ b/tests/viz_tests.py @@ -258,7 +258,7 @@ def test_parse_adhoc_filters(self): { 'expressionType': 'SQL', 'clause': 'WHERE', - 'sqlExpression': 'value3 in (\'North America\')', + 'sqlExpression': "value3 in ('North America')", }, ], } @@ -273,7 +273,7 @@ def test_parse_adhoc_filters(self): [{'op': '<', 'val': '10', 'col': 'SUM(value1)'}], query_obj['extras']['having_druid'], ) - self.assertEqual('(value3 in (\'North America\'))', query_obj['extras']['where']) + self.assertEqual("(value3 in ('North America'))", query_obj['extras']['where']) self.assertEqual('(SUM(value1) > 5)', query_obj['extras']['having']) def test_adhoc_filters_overwrite_legacy_filters(self): @@ -295,7 +295,7 @@ def test_adhoc_filters_overwrite_legacy_filters(self): { 'expressionType': 'SQL', 'clause': 'WHERE', - 'sqlExpression': 'value3 in (\'North America\')', + 'sqlExpression': "value3 in ('North America')", }, ], 'having': 'SUM(value1) > 5', 
@@ -311,7 +311,7 @@ def test_adhoc_filters_overwrite_legacy_filters(self): [], query_obj['extras']['having_druid'], ) - self.assertEqual('(value3 in (\'North America\'))', query_obj['extras']['where']) + self.assertEqual("(value3 in ('North America'))", query_obj['extras']['where']) self.assertEqual('', query_obj['extras']['having']) @patch('superset.viz.BaseViz.query_obj')