Merge pull request #3697 from AlanCoding/conservative_upgrades

Apply critical dependency upgrades

Reviewed-by: Alan Rominger <arominge@redhat.com>
             https://github.com/AlanCoding

awx/__init__.py

@@ -37,9 +37,9 @@ if HAS_DJANGO is True:
     # This line exists to make sure we don't regress on FIPS support if we
     # upgrade Django; if you're upgrading Django and see this error,
     # update the version check below, and confirm that FIPS still works.
-    if django.__version__ != '1.11.16':
-        raise RuntimeError("Django version other than 1.11.16 detected {}. \
-                Subclassing BaseDatabaseSchemaEditor is known to work for Django 1.11.16 \
+    if django.__version__ != '1.11.20':
+        raise RuntimeError("Django version other than 1.11.20 detected {}. \
+                Subclassing BaseDatabaseSchemaEditor is known to work for Django 1.11.20 \
                 and may not work in newer Django versions.".format(django.__version__))
 
 

awx/main/tests/functional/api/test_job_runtime_params.py

@@ -291,7 +291,7 @@ def test_job_launch_JT_with_validation(machine_credential, credential, deploy_jo
     kv['credentials'] = [machine_credential]  # conversion to internal value
     job_obj = deploy_jobtemplate.create_unified_job(**kv)
 
-    final_job_extra_vars = yaml.load(job_obj.extra_vars)
+    final_job_extra_vars = yaml.safe_load(job_obj.extra_vars)
     assert 'job_launch_var' in final_job_extra_vars
     assert 'job_template_var' in final_job_extra_vars
     assert set([cred.pk for cred in job_obj.credentials.all()]) == set([machine_credential.id, credential.id])

awx/main/tests/unit/test_tasks.py

@@ -172,7 +172,7 @@ def test_openstack_client_config_generation(mocker, source, expected, private_da
         'ansible_virtualenv_path': '/venv/foo'
     })
     cloud_config = update.build_private_data(inventory_update, private_data_dir)
-    cloud_credential = yaml.load(
+    cloud_credential = yaml.safe_load(
         cloud_config.get('credentials')[credential]
     )
     assert cloud_credential['clouds'] == {
@@ -215,7 +215,7 @@ def test_openstack_client_config_generation_with_private_source_vars(mocker, sou
     })
     cloud_config = update.build_private_data(inventory_update, private_data_dir)
     cloud_credential = yaml.load(
-        cloud_config.get('credentials')[credential]
+        cloud_config.get('credentials')[credential], Loader=SafeLoader
     )
     assert cloud_credential['clouds'] == {
         'devstack': {
@@ -249,7 +249,7 @@ def parse_extra_vars(args):
     for chunk in args:
         if chunk.startswith('@/tmp/'):
             with open(chunk.strip('@'), 'r') as f:
-                extra_vars.update(yaml.load(f, SafeLoader))
+                extra_vars.update(yaml.load(f, Loader=SafeLoader))
     return extra_vars
 
 
@@ -268,7 +268,7 @@ class TestExtraVarSanitation(TestJobExecution):
         task.build_extra_vars_file(job, private_data_dir, {})
 
         fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
-        extra_vars = yaml.load(fd, SafeLoader)
+        extra_vars = yaml.load(fd, Loader=SafeLoader)
 
         # ensure that strings are marked as unsafe
         for unsafe in ['awx_job_template_name', 'tower_job_template_name',
@@ -292,7 +292,7 @@ class TestExtraVarSanitation(TestJobExecution):
         task.build_extra_vars_file(job, private_data_dir, {})
 
         fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
-        extra_vars = yaml.load(fd, SafeLoader)
+        extra_vars = yaml.load(fd, Loader=SafeLoader)
         assert extra_vars['msg'] == self.UNSAFE
         assert hasattr(extra_vars['msg'], '__UNSAFE__')
 
@@ -303,7 +303,7 @@ class TestExtraVarSanitation(TestJobExecution):
         task.build_extra_vars_file(job, private_data_dir, {})
 
         fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
-        extra_vars = yaml.load(fd, SafeLoader)
+        extra_vars = yaml.load(fd, Loader=SafeLoader)
         assert extra_vars['msg'] == {'a': [self.UNSAFE]}
         assert hasattr(extra_vars['msg']['a'][0], '__UNSAFE__')
 
@@ -314,7 +314,7 @@ class TestExtraVarSanitation(TestJobExecution):
         task.build_extra_vars_file(job, private_data_dir, {})
 
         fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
-        extra_vars = yaml.load(fd, SafeLoader)
+        extra_vars = yaml.load(fd, Loader=SafeLoader)
         assert extra_vars['msg'] == self.UNSAFE
         assert not hasattr(extra_vars['msg'], '__UNSAFE__')
 
@@ -326,7 +326,7 @@ class TestExtraVarSanitation(TestJobExecution):
         task.build_extra_vars_file(job, private_data_dir, {})
 
         fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
-        extra_vars = yaml.load(fd, SafeLoader)
+        extra_vars = yaml.load(fd, Loader=SafeLoader)
         assert extra_vars['msg'] == {'a': {'b': [self.UNSAFE]}}
         assert not hasattr(extra_vars['msg']['a']['b'][0], '__UNSAFE__')
 
@@ -343,7 +343,7 @@ class TestExtraVarSanitation(TestJobExecution):
         task.build_extra_vars_file(job, private_data_dir, {})
 
         fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
-        extra_vars = yaml.load(fd, SafeLoader)
+        extra_vars = yaml.load(fd, Loader=SafeLoader)
         assert extra_vars['msg'] == 'other-value'
         assert hasattr(extra_vars['msg'], '__UNSAFE__')
 
@@ -358,7 +358,7 @@ class TestExtraVarSanitation(TestJobExecution):
         task.build_extra_vars_file(job, private_data_dir, {})
 
         fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
-        extra_vars = yaml.load(fd, SafeLoader)
+        extra_vars = yaml.load(fd, Loader=SafeLoader)
         assert extra_vars['msg'] == self.UNSAFE
         assert hasattr(extra_vars['msg'], '__UNSAFE__')
 

awx/main/tests/unit/utils/test_common.py

@@ -59,7 +59,7 @@ class TestParserExceptions:
     @staticmethod
     def yaml_error(data):
         try:
-            yaml.load(data)
+            yaml.safe_load(data)
             return None
         except Exception as e:
             return str(e)

awx/wsgi.py

@@ -41,10 +41,10 @@ if social_django.__version__ != '2.1.0':
             still works".format(social_django.__version__))
 
 
-if django.__version__ != '1.11.16':
-    raise RuntimeError("Django version other than 1.11.16 detected {}. \
+if django.__version__ != '1.11.20':
+    raise RuntimeError("Django version other than 1.11.20 detected {}. \
             Inherit from WSGIHandler to support short-circuit Django Middleware. \
-            This is known to work for Django 1.11.16 and may not work with other, \
+            This is known to work for Django 1.11.20 and may not work with other, \
             even minor, versions.".format(django.__version__))
 
 

requirements/requirements.in

@@ -8,7 +8,7 @@ channels==1.1.8
 celery==4.2.1
 daphne==1.3.0   # Last before backwards-incompatible channels 2 upgrade
 defusedxml==0.5.0  # py36 support https://github.com/tiran/defusedxml/pull/4
-Django==1.11.16
+Django==1.11.20
 django-auth-ldap==1.7.0
 django-cors-headers==2.4.0
 django-crum==0.7.2

requirements/requirements.txt

@@ -26,7 +26,7 @@ cffi==1.12.1              # via cryptography
 channels==1.1.8
 chardet==3.0.4            # via requests
 constantly==15.1.0        # via twisted
-cryptography==2.5         # via adal, azure-keyvault, pyopenssl
+cryptography==2.6.1       # via adal, azure-keyvault, pyopenssl
 daphne==1.3.0
 defusedxml==0.5.0
 django-auth-ldap==1.7.0
@@ -41,7 +41,7 @@ django-radius==1.3.3
 django-solo==1.1.3
 django-split-settings==0.3.0
 django-taggit==0.22.2
-django==1.11.16
+django==1.11.20
 djangorestframework-yaml==1.0.3
 djangorestframework==3.7.7
 future==0.16.0            # via django-radius
@@ -96,7 +96,7 @@ python-radius==1.0
 python3-openid==3.1.0     # via social-auth-core
 python3-saml==1.4.0
 pytz==2018.9              # via celery, django, irc, tempora, twilio
-pyyaml==3.13              # via djangorestframework-yaml
+pyyaml==5.1               # via djangorestframework-yaml
 requests-futures==0.9.7
 requests-oauthlib==1.2.0  # via msrest, social-auth-core
 requests[security]==2.21.0
@@ -121,5 +121,5 @@ xmlsec==1.3.3             # via python3-saml
 zope.interface==4.6.0     # via twisted
 
 # The following packages are considered to be unsafe in a requirements file:
-# pip
-# setuptools
+pip==19.0.3
+setuptools==41.0.0

requirements/requirements_ansible.txt

@@ -44,7 +44,7 @@ cffi==1.11.5              # via bcrypt, cryptography, pynacl
 chardet==3.0.4            # via requests
 colorama==0.3.9           # via azure-cli-core, knack
 configparser==3.5.0       # via entrypoints
-cryptography==2.1.4       # via adal, azure-keyvault, azure-storage, paramiko, pyopenssl, requests-kerberos, requests-ntlm, secretstorage
+cryptography==2.6.1       # via adal, azure-keyvault, azure-storage, paramiko, pyopenssl, requests-kerberos, requests-ntlm, secretstorage
 decorator==4.2.1          # via openstacksdk
 deprecation==2.0          # via openstacksdk
 docutils==0.14            # via botocore
@@ -79,7 +79,7 @@ openstacksdk==0.23.0
 os-service-types==1.2.0   # via openstacksdk
 ovirt-engine-sdk-python==4.2.4
 packaging==17.1
-paramiko==2.4.0           # via azure-cli-core, ncclient
+paramiko==2.4.2           # via azure-cli-core, ncclient
 pbr==3.1.1                # via keystoneauth1, openstacksdk, os-service-types, stevedore
 pexpect==4.6.0
 psutil==5.4.3
@@ -97,7 +97,7 @@ pyparsing==2.2.0          # via packaging
 python-dateutil==2.6.1    # via adal, azure-storage, botocore
 pyvmomi==6.5
 pywinrm[kerberos]==0.3.0
-pyyaml==3.12              # via azure-cli-core, knack, openstacksdk, os-client-config
+pyyaml==5.1               # via azure-cli-core, knack, openstacksdk, os-client-config
 requests-credssp==0.1.0
 requests-kerberos==0.12.0  # via pywinrm
 requests-ntlm==1.1.0      # via pywinrm