diff --git a/awx/__init__.py b/awx/__init__.py index be3e704a5a..0963e7fc91 100644 --- a/awx/__init__.py +++ b/awx/__init__.py @@ -37,9 +37,9 @@ if HAS_DJANGO is True: # This line exists to make sure we don't regress on FIPS support if we # upgrade Django; if you're upgrading Django and see this error, # update the version check below, and confirm that FIPS still works. - if django.__version__ != '1.11.16': - raise RuntimeError("Django version other than 1.11.16 detected {}. \ - Subclassing BaseDatabaseSchemaEditor is known to work for Django 1.11.16 \ + if django.__version__ != '1.11.20': + raise RuntimeError("Django version other than 1.11.20 detected {}. \ + Subclassing BaseDatabaseSchemaEditor is known to work for Django 1.11.20 \ and may not work in newer Django versions.".format(django.__version__)) diff --git a/awx/main/tests/functional/api/test_job_runtime_params.py b/awx/main/tests/functional/api/test_job_runtime_params.py index 340e2e3082..7a8f184476 100644 --- a/awx/main/tests/functional/api/test_job_runtime_params.py +++ b/awx/main/tests/functional/api/test_job_runtime_params.py @@ -291,7 +291,7 @@ def test_job_launch_JT_with_validation(machine_credential, credential, deploy_jo kv['credentials'] = [machine_credential] # conversion to internal value job_obj = deploy_jobtemplate.create_unified_job(**kv) - final_job_extra_vars = yaml.load(job_obj.extra_vars) + final_job_extra_vars = yaml.safe_load(job_obj.extra_vars) assert 'job_launch_var' in final_job_extra_vars assert 'job_template_var' in final_job_extra_vars assert set([cred.pk for cred in job_obj.credentials.all()]) == set([machine_credential.id, credential.id]) diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py index 07a6959f58..4b4ac01931 100644 --- a/awx/main/tests/unit/test_tasks.py +++ b/awx/main/tests/unit/test_tasks.py 
@@ -172,7 +172,7 @@ def test_openstack_client_config_generation(mocker, source, expected, private_da 'ansible_virtualenv_path': '/venv/foo' }) cloud_config = update.build_private_data(inventory_update, private_data_dir) - cloud_credential = yaml.load( + cloud_credential = yaml.safe_load( cloud_config.get('credentials')[credential] ) assert cloud_credential['clouds'] == { @@ -215,7 +215,7 @@ def test_openstack_client_config_generation_with_private_source_vars(mocker, sou }) cloud_config = update.build_private_data(inventory_update, private_data_dir) cloud_credential = yaml.load( - cloud_config.get('credentials')[credential] + cloud_config.get('credentials')[credential], Loader=SafeLoader ) assert cloud_credential['clouds'] == { 'devstack': { @@ -249,7 +249,7 @@ def parse_extra_vars(args): for chunk in args: if chunk.startswith('@/tmp/'): with open(chunk.strip('@'), 'r') as f: - extra_vars.update(yaml.load(f, SafeLoader)) + extra_vars.update(yaml.load(f, Loader=SafeLoader)) return extra_vars @@ -268,7 +268,7 @@ class TestExtraVarSanitation(TestJobExecution): task.build_extra_vars_file(job, private_data_dir, {}) fd = open(os.path.join(private_data_dir, 'env', 'extravars')) - extra_vars = yaml.load(fd, SafeLoader) + extra_vars = yaml.load(fd, Loader=SafeLoader) # ensure that strings are marked as unsafe for unsafe in ['awx_job_template_name', 'tower_job_template_name', @@ -292,7 +292,7 @@ class TestExtraVarSanitation(TestJobExecution): task.build_extra_vars_file(job, private_data_dir, {}) fd = open(os.path.join(private_data_dir, 'env', 'extravars')) - extra_vars = yaml.load(fd, SafeLoader) + extra_vars = yaml.load(fd, Loader=SafeLoader) assert extra_vars['msg'] == self.UNSAFE assert hasattr(extra_vars['msg'], '__UNSAFE__') 
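Review bot: The two OpenStack config tests now parse the same `cloud_config.get('credentials')[credential]` value through different entry points: the hunk at -172 switches to `yaml.safe_load(`, while this hunk at -215 keeps `yaml.load(` and appends `Loader=SafeLoader`. If `SafeLoader` in this file is a project-defined loader rather than `yaml.SafeLoader` (the `__UNSAFE__` assertions later in the file suggest it may be), the two tests do not load with the same restrictions. Changing the context line to `cloud_credential = yaml.safe_load(` and leaving the argument line as it was would keep the pair identical. The test function begins before this hunk and continues past it.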
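Review bot: In `parse_extra_vars` (hunk at -249), `Loader=SafeLoader` is only as restrictive as the class that name resolves to, and its import is not visible in any hunk of this file. The tests in the hunks at -268 through -358 assert that loaded values carry `__UNSAFE__`, which a plain `str` from `yaml.SafeLoader` would not have, so this is presumably a project loader. It is worth confirming that it derives from `yaml.SafeLoader` and not from `yaml.Loader`, which still constructs arbitrary Python objects. Once verified, a comment above the call such as `# SafeLoader: project loader that marks unsafe strings; must subclass yaml.SafeLoader` would record the assumption for the next PyYAML upgrade.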
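Review bot: The file opened by `fd = open(os.path.join(private_data_dir, 'env', 'extravars'))` just above the changed line in the hunk at -268 is never closed in the visible lines, and the same pattern recurs in the hunks at -292, -303, -314, -326, -343 and -358. Since each of these lines is being touched anyway, the load could move under a context manager: `with open(os.path.join(private_data_dir, 'env', 'extravars')) as fd:` followed by the indented `extra_vars = yaml.load(fd, Loader=SafeLoader)`. The test methods start outside these hunks, so a close further up or down cannot be ruled out from here.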
@@ -303,7 +303,7 @@ class TestExtraVarSanitation(TestJobExecution): task.build_extra_vars_file(job, private_data_dir, {}) fd = open(os.path.join(private_data_dir, 'env', 'extravars')) - extra_vars = yaml.load(fd, SafeLoader) + extra_vars = yaml.load(fd, Loader=SafeLoader) assert extra_vars['msg'] == {'a': [self.UNSAFE]} assert hasattr(extra_vars['msg']['a'][0], '__UNSAFE__') @@ -314,7 +314,7 @@ class TestExtraVarSanitation(TestJobExecution): task.build_extra_vars_file(job, private_data_dir, {}) fd = open(os.path.join(private_data_dir, 'env', 'extravars')) - extra_vars = yaml.load(fd, SafeLoader) + extra_vars = yaml.load(fd, Loader=SafeLoader) assert extra_vars['msg'] == self.UNSAFE assert not hasattr(extra_vars['msg'], '__UNSAFE__') @@ -326,7 +326,7 @@ class TestExtraVarSanitation(TestJobExecution): task.build_extra_vars_file(job, private_data_dir, {}) fd = open(os.path.join(private_data_dir, 'env', 'extravars')) - extra_vars = yaml.load(fd, SafeLoader) + extra_vars = yaml.load(fd, Loader=SafeLoader) assert extra_vars['msg'] == {'a': {'b': [self.UNSAFE]}} assert not hasattr(extra_vars['msg']['a']['b'][0], '__UNSAFE__') @@ -343,7 +343,7 @@ class TestExtraVarSanitation(TestJobExecution): task.build_extra_vars_file(job, private_data_dir, {}) fd = open(os.path.join(private_data_dir, 'env', 'extravars')) - extra_vars = yaml.load(fd, SafeLoader) + extra_vars = yaml.load(fd, Loader=SafeLoader) assert extra_vars['msg'] == 'other-value' assert hasattr(extra_vars['msg'], '__UNSAFE__') @@ -358,7 +358,7 @@ class TestExtraVarSanitation(TestJobExecution): task.build_extra_vars_file(job, private_data_dir, {}) fd = open(os.path.join(private_data_dir, 'env', 'extravars')) - extra_vars = yaml.load(fd, SafeLoader) + extra_vars = yaml.load(fd, Loader=SafeLoader) assert extra_vars['msg'] == self.UNSAFE assert hasattr(extra_vars['msg'], '__UNSAFE__') diff --git a/awx/main/tests/unit/utils/test_common.py b/awx/main/tests/unit/utils/test_common.py index 6568b1b486..bfd10a795a 100644 
--- a/awx/main/tests/unit/utils/test_common.py +++ b/awx/main/tests/unit/utils/test_common.py @@ -59,7 +59,7 @@ class TestParserExceptions: @staticmethod def yaml_error(data): try: - yaml.load(data) + yaml.safe_load(data) return None except Exception as e: return str(e) diff --git a/awx/wsgi.py b/awx/wsgi.py index b18eac744b..656c96460b 100644 --- a/awx/wsgi.py +++ b/awx/wsgi.py @@ -41,10 +41,10 @@ if social_django.__version__ != '2.1.0': still works".format(social_django.__version__)) -if django.__version__ != '1.11.16': - raise RuntimeError("Django version other than 1.11.16 detected {}. \ +if django.__version__ != '1.11.20': + raise RuntimeError("Django version other than 1.11.20 detected {}. \ Inherit from WSGIHandler to support short-circuit Django Middleware. \ - This is known to work for Django 1.11.16 and may not work with other, \ + This is known to work for Django 1.11.20 and may not work with other, \ even minor, versions.".format(django.__version__)) diff --git a/docs/licenses/paramiko-2.4.0.tar.gz b/docs/licenses/paramiko-2.4.0.tar.gz deleted file mode 100644 index 122851df92..0000000000 Binary files a/docs/licenses/paramiko-2.4.0.tar.gz and /dev/null differ diff --git a/docs/licenses/paramiko-2.4.2.tar.gz b/docs/licenses/paramiko-2.4.2.tar.gz new file mode 100644 index 0000000000..e11266ef64 Binary files /dev/null and b/docs/licenses/paramiko-2.4.2.tar.gz differ diff --git a/requirements/requirements.in b/requirements/requirements.in index b6d0cd59a9..63c8594af6 100644 --- a/requirements/requirements.in +++ b/requirements/requirements.in @@ -8,7 +8,7 @@ channels==1.1.8 celery==4.2.1 daphne==1.3.0 # Last before backwards-incompatible channels 2 upgrade defusedxml==0.5.0 # py36 support https://github.com/tiran/defusedxml/pull/4 -Django==1.11.16 +Django==1.11.20 django-auth-ldap==1.7.0 django-cors-headers==2.4.0 django-crum==0.7.2 
@@ -24,7 +24,7 @@ django-taggit==0.22.2 djangorestframework==3.7.7 djangorestframework-yaml==1.0.3 irc==16.2 -jinja2==2.10 +jinja2==2.10.1 jsonschema==2.6.0 Markdown==2.6.11 # used for formatting API help ordereddict==1.1 diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 0c6a7fddb3..f2ee55c5d3 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -26,7 +26,7 @@ cffi==1.12.1 # via cryptography channels==1.1.8 chardet==3.0.4 # via requests constantly==15.1.0 # via twisted -cryptography==2.5 # via adal, azure-keyvault, pyopenssl +cryptography==2.6.1 # via adal, azure-keyvault, pyopenssl daphne==1.3.0 defusedxml==0.5.0 django-auth-ldap==1.7.0 @@ -41,7 +41,7 @@ django-radius==1.3.3 django-solo==1.1.3 django-split-settings==0.3.0 django-taggit==0.22.2 -django==1.11.16 +django==1.11.20 djangorestframework-yaml==1.0.3 djangorestframework==3.7.7 future==0.16.0 # via django-radius @@ -58,7 +58,7 @@ jaraco.itertools==4.4.1 # via irc jaraco.logging==2.0 # via irc jaraco.stream==2.0 # via irc jaraco.text==2.0 # via irc, jaraco.collections -jinja2==2.10 +jinja2==2.10.1 jsonpickle==1.1 # via asgi-amqp jsonschema==2.6.0 kombu==4.2.1 # via asgi-amqp, celery @@ -96,7 +96,7 @@ python-radius==1.0 python3-openid==3.1.0 # via social-auth-core python3-saml==1.4.0 pytz==2018.9 # via celery, django, irc, tempora, twilio -pyyaml==3.13 # via djangorestframework-yaml +pyyaml==5.1 # via djangorestframework-yaml requests-futures==0.9.7 requests-oauthlib==1.2.0 # via msrest, social-auth-core requests[security]==2.21.0 diff --git a/requirements/requirements_ansible.in b/requirements/requirements_ansible.in index f5a212c9ba..3b44e9c941 100644 --- a/requirements/requirements_ansible.in +++ b/requirements/requirements_ansible.in 
@@ -31,7 +31,7 @@ azure-graphrbac==0.40.0 boto==2.47.0 # last which does not break ec2 scripts boto3==1.6.2 google-auth==1.6.2 # needed for gce inventory imports -jinja2==2.10 # required for native jinja2 types for inventory compat mode +jinja2==2.10.1 # required for native jinja2 types for inventory compat mode # netconf for network modules ncclient==0.6.3 # netaddr filter diff --git a/requirements/requirements_ansible.txt b/requirements/requirements_ansible.txt index f784719888..f29d8dc153 100644 --- a/requirements/requirements_ansible.txt +++ b/requirements/requirements_ansible.txt @@ -44,7 +44,7 @@ cffi==1.11.5 # via bcrypt, cryptography, pynacl chardet==3.0.4 # via requests colorama==0.3.9 # via azure-cli-core, knack configparser==3.5.0 # via entrypoints -cryptography==2.1.4 # via adal, azure-keyvault, azure-storage, paramiko, pyopenssl, requests-kerberos, requests-ntlm, secretstorage +cryptography==2.6.1 # via adal, azure-keyvault, azure-storage, paramiko, pyopenssl, requests-kerberos, requests-ntlm, secretstorage decorator==4.2.1 # via openstacksdk deprecation==2.0 # via openstacksdk docutils==0.14 # via botocore @@ -58,7 +58,7 @@ idna==2.6 # via cryptography, requests ipaddress==1.0.19 # via cryptography, openstacksdk iso8601==0.1.12 # via keystoneauth1, openstacksdk isodate==0.6.0 # via msrest -jinja2==2.10 +jinja2==2.10.1 jmespath==0.9.3 # via azure-cli-core, boto3, botocore, knack, openstacksdk jsonpatch==1.21 # via openstacksdk jsonpointer==2.0 # via jsonpatch @@ -79,7 +79,7 @@ openstacksdk==0.23.0 os-service-types==1.2.0 # via openstacksdk ovirt-engine-sdk-python==4.2.4 packaging==17.1 -paramiko==2.4.0 # via azure-cli-core, ncclient +paramiko==2.4.2 # via azure-cli-core, ncclient pbr==3.1.1 # via keystoneauth1, openstacksdk, os-service-types, stevedore pexpect==4.6.0 psutil==5.4.3 
@@ -97,7 +97,7 @@ pyparsing==2.2.0 # via packaging python-dateutil==2.6.1 # via adal, azure-storage, botocore pyvmomi==6.5 pywinrm[kerberos]==0.3.0 -pyyaml==3.12 # via azure-cli-core, knack, openstacksdk, os-client-config +pyyaml==5.1 # via azure-cli-core, knack, openstacksdk, os-client-config requests-credssp==0.1.0 requests-kerberos==0.12.0 # via pywinrm requests-ntlm==1.1.0 # via pywinrm