Commit graph

49 commits

Author SHA1 Message Date
Pedro Algarvio
53aafe7eba Bump to pyyaml==6.0.1 due to https://github.com/yaml/pyyaml/issues/601
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-07-18 14:21:40 +01:00
Pedro Algarvio
5b2e752d5e Bump to cryptography==41.0.2 to address GHSA-cf7p-gm2m-833m
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
References:

https://nvd.nist.gov/vuln/detail/CVE-2023-38325
[pyca/cryptography#9207](https://github.com/pyca/cryptography/issues/9207)
[pyca/cryptography#9208](https://github.com/pyca/cryptography/issues/9208)
[pyca/cryptography@41.0.1...41.0.2](https://github.com/pyca/cryptography/compare/41.0.1...41.0.2)
https://pypi.org/project/cryptography/#history
1ca7adc97b (pyca/cryptography@1ca7adc)

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-07-16 17:44:45 -07:00
Pedro Algarvio
3d097b8ed5 Upgrade to cryptography==41.0.1 (and therefore pyopenssl==23.2.0 due to https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
This only really impacts pip installs of Salt and the windows onedir
since the linux and macos onedir build every package dependency from
source, not from pre-existing wheels.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-07-06 18:04:43 +01:00
Pedro Algarvio
3ae4e2aba5 Add wempy template library to CI requirements now that it supports Py3
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-05-31 14:39:59 +00:00
Megan Wilhite
dc8baed208 Update requests 2023-05-29 18:08:57 +01:00
Pedro Algarvio
4112f05b77 Bump to sqlparse>=0.4.4 due to https://github.com/advisories/GHSA-rrm6-wvj7-cwh2
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-04-25 12:14:52 +01:00
Twangboy
e5c58d9ab9 Bump pyzmq to 25.0.2 on Windows 2023-04-13 12:32:43 +01:00
Twangboy
a32b2f82db Remove mako from Windows and MacOS 2023-04-04 08:33:30 +01:00
Pedro Algarvio
9a32f14e41 Upgrade to pyopenssl==23.0.0 due to the cryptography upgrade.
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-03-22 15:08:20 +00:00
Pedro Algarvio
5e7d4e3021 Upgrade to cryptography>=39.0.1
Due to:
  * GHSA-x4qr-2fvf-3mr5
  * GHSA-w7pp-m8wf-vj6r

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-03-22 15:08:20 +00:00
Pedro Algarvio
c63e801603 Match the pytest-salt-factories version to the other requirements
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-02-23 05:49:08 +00:00
Pedro Algarvio
4b708715f2 Upgrade to werkzeug==2.2.3
This addresses:
  * https://github.com/advisories/GHSA-px8h-6qxv-m22q
  * https://github.com/advisories/GHSA-xg9f-g7g7-2323

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-02-23 05:49:08 +00:00
Daniel A. Wozniak
990728fe46 Bump pyzmq to latest version on Windows 2023-02-15 14:24:35 -07:00
Pedro Algarvio
3fa827925f Fix pre-commit by changing the pyzmq requirements.
It's now `pyzmq>=20.0.0` on all platforms, and `<=22.0.3` just for windows.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-02-09 05:37:59 +00:00
Pedro Algarvio
cea048be5f Update docs related requirements
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-02-04 14:11:36 +00:00
Pedro Algarvio
6acef263b1 Stop triggering the jinja2.contextfunction deprecation warning
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-01-18 11:54:43 +00:00
Pedro Algarvio
5a0fd275eb Update setproctitle requirements to stop getting the PY_SSIZE_T_CLEAN warning
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-01-18 11:54:43 +00:00
Pedro Algarvio
e8b8df84bd Match CI requirements to those of PKG 2023-01-17 06:42:27 +00:00
Pedro Algarvio
4ecfd3d3d5 Use packaging for version parsing. looseversion when needed only.
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-01-09 12:31:51 -07:00
Twangboy
ec7926b662 Fix pre-commit 2023-01-03 09:00:00 -07:00
Twangboy
2eb4c90f40 Update pythonnet to 3.0.1 to support Python 3.10 2023-01-03 08:59:54 -07:00
Pedro Algarvio
e47e47a7e6 Bump to gitpython==3.1.30 because of https://github.com/advisories/GHSA-hcpj-qp55-gfph
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-12-31 15:02:22 +00:00
Pedro Algarvio
7969d09be9 Bump to wheel==0.38.4 due to https://github.com/advisories/GHSA-qwmp-2cf2-g9g6
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-12-28 15:49:37 +00:00
Twangboy
ca4d05043f Remove libnacl from requirements 2022-12-23 10:25:16 +00:00
David Murphy
75b1be30a6 Further cleanup, removed use of looseversion and packaging 2022-12-20 07:07:21 -07:00
David Murphy
e8441238e1 Initial removal of distutils usage and replacement with setuptools 2022-12-20 07:07:21 -07:00
Pedro Algarvio
a350c4474a Revert "Bump to pytest-salt-factories==1.0.0rc23 on Python >= 3.7"
This reverts commit 8bd0b7dabb.
2022-12-17 14:30:12 +00:00
Pedro Algarvio
cc91a1bf64 Bump to pytest-salt-factories==1.0.0rc23 on Python >= 3.7
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-12-15 09:17:47 -07:00
Pedro Algarvio
d93717384f Bump to certifi>=2022.12.7
See https://github.com/advisories/GHSA-43fp-rhv2-5gv8 for additional context.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-12-10 09:55:49 +00:00
Pedro Algarvio
183c7ed96b Fix static requirements
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-12-07 11:45:47 -07:00
Pedro Algarvio
f59bf99cda Drop pycurl requirement, see https://github.com/saltstack/relative-environment-for-python/issues/50
Properly compile windows requirements on Py3.10

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-12-05 05:03:44 +00:00
Pedro Algarvio
0f6b9efbea Bump to pytest-salt-factories==1.0.0rc21
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-11-07 12:22:08 -07:00
Megan Wilhite
78e8862529 Bump mako for remaining requirement files 2022-10-03 14:19:02 -06:00
Carlos Álvaro
b3c6d949ba fix: Update setproctitle version for all platforms 2022-09-01 13:33:16 -06:00
Pedro Algarvio
a1f1b6d555 Bump pygit2 requirement
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-07-22 07:24:35 +01:00
Pedro Algarvio
e3929c59d1 Bump to `pyzmq==23.2.0` for Python >=3.9
This way we can use wheel packages on Py3.10 instead of having it build
from source.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-07-10 09:42:59 +01:00
Pedro Algarvio
e68cd5e991 Bump to `lxml==4.9.1` to address CVE-2022-2309
See https://github.com/advisories/GHSA-wrxv-2j5q-m38w

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-07-08 11:29:32 +01:00
Pedro Algarvio
ab26044a9f Bump to pytest-salt-factories 1.0.0rc17
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-06-21 06:56:55 -06:00
Pedro Algarvio
f6fd24f125 Upgrade some requirements
These requirements should be kept up-to-date as much as possible.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-06-06 07:18:12 -06:00
Pedro Algarvio
46e6416e5b Update to `python-gnupg==0.4.8`
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-04-08 09:10:15 -04:00
Wayne Werner
f4e12fc7ba Updating msgpack version for windows
Before it was pinned to an out of date buggy version, this should fix
some errors and inconsistencies.
2022-04-07 15:52:57 -04:00
Thomas Phipps
062637a17e yaml modules for working towards troubleshooting easement (#61183)
* create a yamllint utils module. as well as a yaml module that will
eventually be yaml tools to help in troubleshooting yaml
functionality.

* included unit tests for the yaml module. also not happy about moving
from __salt__.module.function to __salt__["module.function"] for the
test to work

* added pre_render test and minor correction to heredoc in yamllint

* changelog

* fix tests running in py3.5, also try and fix pre-commit.

* attempt to fix pre-commit

* still trying to fix pre-commit.

* forgot freebsd, added yamllint to freebsd

* update adding versionadded and depends

* fix pre-commit?

* fix pre-commit

* attempt to fix pre-commit again

Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
2022-04-06 14:53:21 -04:00
Pedro Algarvio
44c67aac54 Bump `sqlparse` to 0.4.2 to address security issue
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-02-09 10:53:21 +00:00
Pedro Algarvio
75ed972d72 Update requirements to address known security vulnerabilities
Closes #61516
Closes #61515
Closes #61514
Closes #61513
Closes #61520
Closes #61096
Closes #60944
Closes #61558
Closes #61559
Closes #61560
Closes #61561

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-02-08 06:34:43 -08:00
Pedro Algarvio
92cb1010c7 Upgrade to `pytest-salt-factories==0.912.1`
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2022-02-07 12:16:44 -08:00
Pedro Algarvio
2ed6d1a974 Enforce requirements and their versions consistency
Use the packaging requirements as version constraints to all other
requirements files which should include Salt's base requirements.

The nox sessions now don't install the base requirements since the "top"
requirements file includes the base requirements.

All of this, ensuring that the same versions are used on all of them.
2021-09-21 13:42:53 -07:00
Pedro Algarvio
78788b4dab Remove temporary `StateReturnAsserts` class (#60737)
* Pin to ``pip>=20.2.4,<21.2`` on the created virtualenvs

* Use the static requirements when installing salt into the virtualenv

This should fix the freebsd failures

* ``SaltVirtualEnv`` will always use ``USE_STATIC_REQUIREMENTS=1``

* Update to ``pytest-salt-factories==0.907.x``

* Remove the temporary ``StateReturnAsserts`` class.

In the process, a few functions from the ``state`` module are now
wrapped to allow a more pythonic assertion against its returns through
``StateReturn``.
We also introduce ``MultiStateReturn`` for full state runs.

* Update tests that relied on ``StateReturnAsserts`` or its pytest helper function
2021-08-16 13:03:57 -04:00
Pedro Algarvio
a46aa3a55c Bump to `urllib3==1.26.6`
GHSA-q2q7-5pp4-w6pg

high severity

Vulnerable versions: < 1.26.5
Patched version: 1.26.5

Impact

When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits
catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Patches

The issue has been fixed in urllib3 v1.26.5.

References

* [CVE-2021-33503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503)
* [JVNVU#92413403 (English)](https://jvn.jp/en/vu/JVNVU92413403/)
* [JVNVU#92413403 (Japanese)](https://jvn.jp/vu/JVNVU92413403/)
* [urllib3 v1.26.5](https://github.com/urllib3/urllib3/releases/tag/1.26.5)
2021-08-02 16:13:40 -07:00
Pedro Algarvio
a0c612b453 Enable Py3.10 windows requirements 2021-07-23 13:06:52 -07:00