saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
115776 commits 34 branches 292 tags 803 MiB
Commit graph

43 commits

Author SHA1 Message Date
David Murphy
e8441238e1 Initial removal usage of distutils and replacement with setuptools 2022-12-20 07:07:21 -07:00
Pedro Algarvio
d93717384f Bump to certifi>=2022.12.7 
See https://github.com/advisories/GHSA-43fp-rhv2-5gv8 for additional context.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-12-10 09:55:49 +00:00
Gareth J. Greenaway
377d985e31 removing cached-propery from py3.9/docs.txt and py3.9/lint.txt 2022-12-07 09:13:55 -07:00
Gareth J. Greenaway
4212c320e6 Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation 2022-12-07 09:13:55 -07:00
Gareth J. Greenaway
7dcafc60d2
Merge pull request #63194 from s0undt3ch/hotfix/pycurl 
Drop `pycurl` requirement, see https://github.com/saltstack/relative-environment-for-python/issues/50
 2022-12-06 15:17:33 -08:00
Pedro Algarvio
f59bf99cda
Drop pycurl requirement, see https://github.com/saltstack/relative-environment-for-python/issues/50 
Properly compile windows requirements on Py3.10

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-12-05 05:03:44 +00:00
Pedro Algarvio
0d54748a67
Address pytest deprecation warnings 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-12-05 04:47:40 +00:00
Pedro Algarvio
7c9d0fa371 Bump passlib to 1.7.4 for CI testing. Include it for windows too. 2022-12-02 11:19:30 +00:00
Gareth J. Greenaway
50b76ab075 Some better handling when the device is not accessible, bumping up junos-eznc version. 2022-10-11 12:46:08 -06:00
MKLeb
58ec510d26
Merge tag 'v3005.1' into merge-forward/3005.1 
Version 3005.1
 2022-10-04 20:52:23 -04:00
Megan Wilhite
ea431b2c2f Bump oauthlib to 3.2.1 2022-10-03 11:02:28 -07:00
Megan Wilhite
863df6de7e Update mako requirement to 1.2.2 2022-09-22 15:21:26 -07:00
Gareth J. Greenaway
20fb0beb38 package jmespath 2022-09-12 12:13:00 -07:00
Megan Wilhite
fc7d0a9296
Merge freeze into master (#62438) 
* fixes saltstack/salt#62372 unable to use random shuffle and sample functions as Jinja filters

* move random_shuffle and random_sample logic to utils

* static seed in tests seems to have shifted

* static seed in tests require hash module

* Change Tiamat to onedir in release notes

* Reinstate known issues

* Update release notes with onedir package support policy

* need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result.

* Adding changelog.

* swap out if...else for double try...except.

* Remove extra fix we don't need anymore

* [Docs] include onedir system python note

* Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x

* Remove the PyObjC dependency

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime

* Document usage of bundled Python runtime for Client API

* Use explicit locals for custom script execution, handle exception in similar fashion as Python

* Remove old __file__ replacement

* Apply suggestions from code review

Co-authored-by: Pedro Algarvio <pedro@algarvio.me>

Co-authored-by: nicholasmhughes <nicholasmhughes@gmail.com>
Co-authored-by: Alyssa Rock <alyssa.rock@gmail.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: Twangboy <leesh@vmware.com>
Co-authored-by: David Murphy < dmurphy@saltstack.com>
Co-authored-by: Pedro Algarvio <palgarvio@vmware.com>
Co-authored-by: Lukas Raska <lukas@raska.me>
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
 2022-08-08 11:27:10 -06:00
David Murphy
b63534c6e5 Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x 2022-08-05 09:05:38 -06:00
Pedro Algarvio
e3929c59d1 Bump to `pyzmq==23.2.0` for Python >=3.9 
This way we can use wheel packages on Py3.10 instead of having it build
from source.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-07-10 09:42:59 +01:00
Pedro Algarvio
e68cd5e991 Bump to `lxml==4.9.1 to address CVE-2022-2309` 
See https://github.com/advisories/GHSA-wrxv-2j5q-m38w

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-07-08 11:29:32 +01:00
Pedro Algarvio
9bccfcf9c4 Bump to pyjwt==2.4.0 due to CVE-2022-29217 
Twilio also had to be upgraded because it was locked to the vulnerable pyjwt version.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-06-15 12:15:36 -06:00
Pedro Algarvio
f6fd24f125 Upgrade some requirements 
These requirements should be kept up-to-date as much as possible.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-06-06 07:18:12 -06:00
Pedro Algarvio
9983b1df09 Move test requirements to requirements files 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-06-02 07:05:09 -06:00
Caleb Beard
5a18c14b0f
Add etcd API v3 implementation (#61911) 
* add etcd3-py to CI requirements for python_version >= 3.6

* Add intial etcd3 implementation and adjust the functional tests

* adjust etcd test suite to test new v3 impl where applicable

* pre-commit fun

* add documentation for new option

* change warnings per suggestions

* change names for backwards compatibility and add back profile kwarg

* pre-commit and lint fixes

* switch docker logic in etcd sdb integration tests

* fix sdb etcd tests v2

* add ls pseudo-functionality to etcd api v3

* move towards recursive kwarg deprecation by adding recurse kwarg as preferred

* add encoding feature and other etcd client args for v3

* precommit

* add deprecations changelog and deprecate waitIndex/index kwargs in favor of start_revision

* pre-commit and revert etcd sdb tests to master version

* remove unused import

* fix mod_watch disbatching

* Make sure to warn if no profile is given and we have a possible connection error

* precommit

* Fix test failures with wrong profile

* Fix v3 -> no v2 error

Previously, when the API was v3-only, but the profile wasn't present
leading to the v2 fallback, it would 404 in certain circumstances.

We can't use a more particular exception in the `_etcd_action` because
the salt loader plays havoc with things.

Co-authored-by: Wayne Werner <wwerner@vmware.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
 2022-05-31 07:40:35 -06:00
Pedro Algarvio
924e17f6d9 Bump to `paramiko==2.10.1 because of CVE-2022-24302` 
https://github.com/advisories/GHSA-f8q4-jwww-x3wv

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-04-08 09:10:15 -04:00
Pedro Algarvio
46e6416e5b Update to `python-gnupg==0.4.8` 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-04-08 09:10:15 -04:00
Thomas Phipps
062637a17e
yaml modules for working towards troubleshooting easement (#61183) 
* create a yamllint utils module. as well as a yaml module that will
eventually be yaml tools to help in troubleshooting yaml
functionality.

* included unit tests for the yaml module. also not happy about moving
from __salt__.module.function to __salt__["module.function"] for the
test to work

* added pre_render test and minor correct to heredoc in yamllint

* changelog

* fix tests running in py3.5, also try and fix pre-commit.

* attempt to fix pre-commit

* still trying to fix pre-commit.

* forgot freebsd, added yamllint to freebsd

* update adding versionadded and depends

* fix pre-commit?

* fix pre-commit

* attempt to fix pre-commit again

Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
 2022-04-06 14:53:21 -04:00
Pedro Algarvio
eb137f185b Don't install napalm on Py3.10, it pulls `pyeapi which is not compatible with 3.10 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-02-28 08:29:49 -08:00
Thomas Phipps
4de025be39 Finalize disabling hgfs and hg_pillar tests on windows. cleanup testing 2022-02-08 10:31:15 -08:00
Thomas Phipps
72196b1c1f this wll break, but hopefully will keep windows from blowing up 2022-02-08 10:31:15 -08:00
Thomas Phipps
bc0e7ed580 remove linux only stuff 2022-02-08 10:31:15 -08:00
Thomas Phipps
ae003e466c fighting with pre-commit 2022-02-08 10:31:15 -08:00
Thomas Phipps
c80ed277f5 add hg into ci testing requirments. 2022-02-08 10:31:15 -08:00
Pedro Algarvio
75ed972d72 Update requirements to address know security vulnerabilities 
Closes #61516
Closes #61515
Closes #61514
Closes #61513
Closes #61520
Closes #61096
Closes #60944
Closes #61558
Closes #61559
Closes #61560
Closes #61561

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
 2022-02-08 06:34:43 -08:00
MKLeb
5d860e1744 bump lxml to >=4.6.5 2022-01-14 16:21:28 -08:00
Kirill Ponomarev
306aa6dd29
Update pytest to 6.2.5 for python 3.10 (#61295) 
* Update pytest to 6.2.5 for python 3.10

* bump junos-eznc to 2.6.0

* bump setproctitle version and fix integration tests

* Skip tests for python 3.10

* Fix test with py3.10

* bump jinja2 version and dependencies

* Fix test with py3.10

* Skip tests for python 3.10 and new moto version

* Use tempfile library to test perms on directories

* Maintain static requirements changes, revert `requirements/base.txt`

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
Co-authored-by: Pedro Algarvio <palgarvio@vmware.com>
 2021-12-22 09:02:56 -05:00
cmcmarrow
86d7c2dd05 fix pre 2021-09-24 20:20:32 -07:00
Pedro Algarvio
0cb3e7db47 Fix docs and cloud requirements 2021-09-23 15:10:31 -07:00
Megan Wilhite
8bb4ed5b06 Fix pre-commit 2021-09-23 07:19:21 -04:00
Megan Wilhite
fb10707877
Merge 3003.3 into master (#60924) 
* Merge 3002.6 bugfix changes (#59822)

* Pass `CI_RUN` as an environment variable to the test run.

This allows us to know if we're running the test suite under a CI
environment or not and adapt/adjust if needed

* Migrate `unit.setup` to PyTest

* Backport ae36b15 just for test_install.py

* Only skip tests on CI runs

* Always store git sha in _version.py during installation

* Fix PEP440 compliance.

The wheel metadata version 1.2 states that the package version MUST be
PEP440 compliant.

This means that instead of `3002.2-511-g033c53eccb`, the salt version
string should look like `3002.2+511.g033c53eccb`, a post release of
`3002.2` ahead by 511 commits with the git sha `033c53eccb`

* Fix and migrate `tests/unit/test_version.py` to PyTest

* Skip test if `easy_install` is not available

* We also need to be PEP440 compliant when there's no git history

* Allow extra_filerefs as sanitized kwargs for SSH client

* Fix regression on cmd.run when passing tuples as cmd

Co-authored-by: Alexander Graul <agraul@suse.com>

* Add unit tests to ensure cmd.run accepts tuples

* Add unit test to check for extra_filerefs on SSH opts

* Add changelog file

* Fix comment for test case

* Fix unit test to avoid failing on Windows

* Skip failing test on windows

* Fix test to work on Windows

* Add all ssh kwargs to sanitize_kwargs method

* Run pre-commit

* Fix pylint

* Fix cmdmod loglevel and module_names tests

* Fix pre-commit

* Skip ssh tests if binary does not exist

* Use setup_loader for cmdmod test

* Prevent argument injection in restartcheck

* Add changelog for restartcheck fix

* docs_3002.6

* Add back tests removed in merge

Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Bryce Larson <brycel@vmware.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alexander Graul <agraul@suse.com>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>

* Remove glance state module in favor of glance_image

* update wording in changelog

* bump deprecation warning to Silicon.

* Updating warnutil version to Phosphorous.

* Update salt/modules/keystone.py

Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>

* Check $HOMEBREW_PREFIX when linking against libcrypto

When loading `libcrypto`, Salt checks for a Homebrew installation of `openssl`
at Homebrew's default prefix of `/usr/local`. However, on Apple Silicon Macs,
Homebrew's default installation prefix is `/opt/homebrew`. On all platforms,
the prefix is configurable.  If Salt doesn't find one of those `libcrypto`s,
it will fall back on the un-versioned `/usr/lib/libcrypto.dylib`, which will
cause the following crash:

    Application Specific Information:
    /usr/lib/libcrypto.dylib
    abort() called
    Invalid dylib load. Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI.

This commit checks $HOMEBREW_PREFIX instead of hard-coding `/usr/local`.

* Add test case

* Add changelog for 59808

* Add changelog entry

* Make _find_libcrypto fail on Big Sur if it can't find a library

Right now, if `_find_libcrypto` can't find any externally-managed versions of
libcrypto, it will fall back on the pre-Catalina un-versioned system libcrypto.
This does not exist on Big Sur and it would be better to raise an exception
here rather than crashing later when trying to open it.

* Update _find_libcrypto tests

This commit simplifies the unit tests for _find_libcrypto by mocking out the
host's filesystem and testing the common libcrypto installations (brew, ports,
etc.) on Big Sur. It simplifies the tests for falling back on system versions
of libcrypto on previous versions of macOS.

* Fix description of test_find_libcrypto_with_system_before_catalina

* Patch sys.platform for test_rsax931 tests

* modules/match: add missing "minion_id" in Pillar example

The documented Pillar example for `match.filter_by` lacks the `minion_id` parameter. Without it, the assignment won't work as expected.
- fix documentation
- add tests:
  - to prove the misbehavior of the documented example
  - to prove the proper behaviour when supplying `minion_id`
  - to ensure some misbehaviour observed with compound matchers doesn't occur

* Fix for issue #59773

- When instantiating the loader grab values of grains and pillars if
  they are NamedLoaderContext instances.
- The loader uses a copy of opts.
- Impliment deepcopy on NamedLoaderContext instances.

* Add changelog for #59773

* _get_initial_pillar function returns pillar

* Fix linter issues

* Clean up test

* Bump deprecation release for neutron

* Uncomment Sulfur release name

* Removing the _ext_nodes deprecation warning and alias.

* Adding changelog.

* Renaming changelog file.

* Update 59804.removed

* Initial pass at fips_mode config option

* Fix pre-commit

* Fix tests and add changelog

* update docs 3003

* update docs 3003 - newline

* Fix warts in changelog

* update releasenotes 3003

* add ubuntu-2004-amd64 m2crypto pycryptodome and tcp tests

* add distro_arch

* changing the cloud platforms file missed in 1a9b7be0e2

* Update __utils__ calls to import utils in azure

* Add changelog for 59744

* Fix azure unit tests and move to pytest

* Use contextvars from site-packages for thin

If a contextvars package exists one of the site-packages locations use
it for the generated thin tarball. This overrides python's builtin
contextvars and allows salt-ssh to work with python <=3.6 even when the
master's python is >3.6 (Fixes #59942)

* Add regression test for #59942

* Add changelog for #59942

* Update filemap to include test_py_versions

* Fix broken thin tests

* Always install the `contextvars` backport, even on Py3.7+

Without this change, salt-ssh cannot target systems with Python <= 3.6

* Use salt-factories to handle the container. Don't override default roster

* Fix thin tests on windows

* No need to use warn log level here

* Fix getsitepackages for old virtualenv versions

* Add explicit pyobjc reqs

* Add back the passthrough stuff

* Remove a line so pre-commit will run

* Bugfix release docs

* Bugfix release docs

* Removing pip-compile log files

* Bump requirements to address a few security issues

* Address traceback on macOS

```
Traceback (most recent call last):
  File "setup.py", line 1448, in <module>
    setup(distclass=SaltDistribution)
  File "/Users/jenkins/setup-tests/.venv/lib/python3.7/site-packages/setuptools/__init__.py", line 153, in setup
    return distutils.core.setup(**attrs)
  File "/opt/salt/lib/python3.7/distutils/core.py", line 108, in setup
    _setup_distribution = dist = klass(attrs)
  File "setup.py", line 1068, in __init__
    self.update_metadata()
  File "setup.py", line 1074, in update_metadata
    attrvalue = getattr(self, attrname, None)
  File "setup.py", line 1182, in _property_install_requires
    install_requires += _parse_requirements_file(reqfile)
  File "setup.py", line 270, in _parse_requirements_file
    platform.python_version(), _parse_op(op), _parse_ver(ver)
  File "setup.py", line 247, in _check_ver
    return getattr(operator, "__{}__".format(op))(pyver, wanted)
  File "/opt/salt/lib/python3.7/distutils/version.py", line 46, in __eq__
    c = self._cmp(other)
  File "/opt/salt/lib/python3.7/distutils/version.py", line 337, in _cmp
    if self.version < other.version:
TypeError: '<' not supported between instances of 'str' and 'int'
```

* Replace `saltstack.com` with `saltproject.io` on URLs being tested

* Add back support to load old entrypoints by iterating instead of type checking

Fixes #59961

* Fix issue #59975

* Fix pillar serialization for jinja #60083

* Fix test

* Add changelog for #60083

* Update changelog and release for 3003.1

* Remove the changelog source refs

* Add connect to IPCMessageSubscriber's async_methods

Fixes #60049 by making sure an IPCMessageSubscriber that is wrapped by
SyncWrapper has a connect method that runs the coroutine rather than
returns a fugure.

* Add changelog for #60049

* Update 60049.fixed

* Fix coroutine spelling error

Co-authored-by: Wayne Werner <waynejwerner@gmail.com>

* IPC on windows cannot use socket paths

Fixes #60298

* Update Jinja2 and lxml due to security related bugfix releases

Jinja2
------

CVE-2020-28493
moderate severity
Vulnerable versions: < 2.11.3
Patched version: 2.11.3

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.

lxml
----

CVE-2021-28957
moderate severity
Vulnerable versions: < 4.6.3
Patched version: 4.6.3

An XSS vulnerability was discovered in the python lxml clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.

* fix github actions jobs on branch until bullseye comes out

* Upgrade to `six==1.16.0` to avoid problems on CI runs

```
13:59:02  nox > Session invoke-pre-commit was successful.
13:59:02  nox > Running session invoke-pre-commit
13:59:02  nox > pip install --progress-bar=off -r requirements/static/ci/py3.7/invoke.txt
13:59:02  Collecting blessings==1.7
13:59:02    Using cached blessings-1.7-py3-none-any.whl (18 kB)
13:59:02  Collecting invoke==1.4.1
13:59:02    Using cached invoke-1.4.1-py3-none-any.whl (210 kB)
13:59:02  Collecting pyyaml==5.3.1
13:59:02    Using cached PyYAML-5.3.1.tar.gz (269 kB)
13:59:02  Collecting six==1.15.0
13:59:02    Using cached six-1.15.0-py2.py3-none-any.whl (10 kB)
13:59:02  Building wheels for collected packages: pyyaml
13:59:02    Building wheel for pyyaml (setup.py) ... - \ | / - \ | done
13:59:02    Created wheel for pyyaml: filename=PyYAML-5.3.1-cp37-cp37m-linux_x86_64.whl size=546391 sha256=e42e1d66cc32087f4d33ceb81268c86b59f1a97029b19459f91b8d6ad1430167
13:59:02    Stored in directory: /var/jenkins/.cache/pip/wheels/5e/03/1e/e1e954795d6f35dfc7b637fe2277bff021303bd9570ecea653
13:59:02  Successfully built pyyaml
13:59:02  Installing collected packages: six, pyyaml, invoke, blessings
13:59:02    Attempting uninstall: six
13:59:02      Found existing installation: six 1.16.0
13:59:02      Uninstalling six-1.16.0:
13:59:02  ERROR: Could not install packages due to an OSError: [Errno 2] No such file or directory: '/var/jenkins/.cache/pre-commit/repomw8oee1s/py_env-python3/lib/python3.7/site-packages/__pycache__/six.cpython-37.pyc'
13:59:02
13:59:02  nox > Command pip install --progress-bar=off -r requirements/static/ci/py3.7/invoke.txt failed with exit code 1
13:59:02  nox > Session invoke-pre-commit failed.
```

* add changelog for https://github.com/saltstack/salt/issues/59982

* Regression test for #56273

* Fix race condition in batch. #56273

* Add changelog for #56273

* Update salt/client/__init__.py

Co-authored-by: Pedro Algarvio <pedro@algarvio.me>

* Update doc for salt/client

* Update changelog/56273.fixed

Thoreau said, "Simplify, Simplify"

* Update docs

* Update docs

* Update CHANGELOG.md

* Update 3003.1.rst

* Ignore configuration for 'enable_fqdns_grains' for AIX, Solaris and Juniper

* Added changelog

* Let Mac OS Mojave run for 8 hours to avoid timeout

* Remove FreeBSD-12.2

* Use Popen for VT

* Still allow shell True

* Drop shlex split

* Add crypto re-init

* Fix pre-commit

* Do not call close in isalive

* Skip tests not valid on windows

* Cleanup things that are not really needed

* We do not support irix

* Fix pre-commit

* Remove commented out lines

* Add changelog for #60504

* Fix pre-commit issues

* pyupgrade does not remove six imports

* Fix OSErrors in some test cases

* Remove un-needed args processing

* Make state_running test more reliable

* Removing tmpfs from Fedora 33.

* Address leaks in fileserver caused by git backends

At this time we do not have the ability to fix the upstream memory leaks
in the gitfs backend providers. Work around their limitations by
periodically restarting the file server update proccess. This will at
least partially address #50313

* Remove un-used import

* Fix warts caused by black version

* Add changelog

* We don't need two changelogs

* Also pin the ``pip`` upgrade to be ``<21.2``

* Update the external ipaddress to the latest 3.9.5 version which has some security fixes.  Updating the compat.p to use the vendored version if the python version is below 3.9.5 and only run the test_ipaddress.py tests if below 3.9.5.

* Adding changelog

* Requested changes.

* Add shh_timeout to ssh_kwargs

* move to with blocks

* one with block

* reight crypto

* add back test file

* add changelog

* change log file number

* add m2crypt support

* only check m2crpto

* Delete 60571.fixed

* add back log

* add newline

* add newline for log file

* Work around https://github.com/pypa/pip/pull/9450

See https://github.com/pypa/pip/issues/10212

* Drop six and Py2

* [3003.2] Add server alive (#60573)

* add server alive

* rename log

* change default alive time

* add requested changes

* format string

* reformat string again

* run pre

* customize

* space

* remove EOF dead space

* fix pre-commit

* run pre

Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>

* Changelog for 3003.2

* Man pages update for 3003.2

* Allow CVE entries in `changelog/`

* Add security type for towncrier changelog

* Add security type for changelog entries pre-commit check

* Pin to ``pip>=20.2.4,<21.2``

Refs https://github.com/pypa/pip/pull/9450

* Drop six and Py2

* Fix bug introduced in https://github.com/saltstack/salt/pull/59648

Fixes #60046

* Add changelog

* Fix doc builds

* fix release notes about dropping ubuntu 16.04

* update file client

* add changelog file

* update changelog

* Check permissions of minion config directory

* Fix some wording in the messagebox and in comments

* Add changelog

* Fix extension for changelog

* Add missing commas. It also worked, but now is better

* docs_3003.3

* fixing version numbers in man pages.

* removing newlines.

* removing newlines.

* Fixing release notes.

* Fix changelog file for 3003.2 release

* Fix test_state test using loader.context

* Re-add test_context test

* Allow Local System account, add timestamp

* swaping the git-source for vsphere-automation-sdk-python

* Remove destroy, handled in context manager

Co-authored-by: Daniel Wozniak <dwozniak@saltstack.com>
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Bryce Larson <brycel@vmware.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alexander Graul <agraul@suse.com>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: Gareth J. Greenaway <gareth@wiked.org>
Co-authored-by: Hoa-Long Tam <hoalong@apple.com>
Co-authored-by: krionbsd <krion@freebsd.org>
Co-authored-by: Elias Probst <e.probst@ssc-services.de>
Co-authored-by: Daniel A. Wozniak <dwozniak@vmware.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: twangboy <slee@saltstack.com>
Co-authored-by: twangboy <leesh@vmware.com>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
Co-authored-by: Wayne Werner <waynejwerner@gmail.com>
Co-authored-by: David Murphy < dmurphy@saltstack.com>
Co-authored-by: Joe Eacott <jeacott@vmware.com>
Co-authored-by: cmcmarrow <charles.mcmarrow.4@gmail.com>
Co-authored-by: Twangboy <shane.d.lee@gmail.com>
 2021-09-22 17:42:38 -07:00
Pedro Algarvio
93a3caeacb Bump sqlparse requirements to 0.4.2 
GHSA-p5w8-wqhj-9hhf (high severity)
Vulnerable versions: >= 0.4.0, < 0.4.2
Patched version: 0.4.2

Impact

The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments.
 2021-09-21 13:42:53 -07:00
Pedro Algarvio
2ed6d1a974 Enforce requirements and their versions consistency 
Use use the packaging requirements as version constraints to all other
requirements files which should include Salt's base requirements.

The nox sessions now don't install the base requirements since the "top"
requirements file includes the base requirements.

All of this, ensuring that the same versions are used on all of them.
 2021-09-21 13:42:53 -07:00
Pedro Algarvio
ec6e96a036 Upgrade to six==1.16.0 to avoid problems on CI runs 
```
13:59:02  nox > Session invoke-pre-commit was successful.
13:59:02  nox > Running session invoke-pre-commit
13:59:02  nox > pip install --progress-bar=off -r requirements/static/ci/py3.7/invoke.txt
13:59:02  Collecting blessings==1.7
13:59:02    Using cached blessings-1.7-py3-none-any.whl (18 kB)
13:59:02  Collecting invoke==1.4.1
13:59:02    Using cached invoke-1.4.1-py3-none-any.whl (210 kB)
13:59:02  Collecting pyyaml==5.3.1
13:59:02    Using cached PyYAML-5.3.1.tar.gz (269 kB)
13:59:02  Collecting six==1.15.0
13:59:02    Using cached six-1.15.0-py2.py3-none-any.whl (10 kB)
13:59:02  Building wheels for collected packages: pyyaml
13:59:02    Building wheel for pyyaml (setup.py) ... - \ | / - \ | done
13:59:02    Created wheel for pyyaml: filename=PyYAML-5.3.1-cp37-cp37m-linux_x86_64.whl size=546391 sha256=e42e1d66cc32087f4d33ceb81268c86b59f1a97029b19459f91b8d6ad1430167
13:59:02    Stored in directory: /var/jenkins/.cache/pip/wheels/5e/03/1e/e1e954795d6f35dfc7b637fe2277bff021303bd9570ecea653
13:59:02  Successfully built pyyaml
13:59:02  Installing collected packages: six, pyyaml, invoke, blessings
13:59:02    Attempting uninstall: six
13:59:02      Found existing installation: six 1.16.0
13:59:02      Uninstalling six-1.16.0:
13:59:02  ERROR: Could not install packages due to an OSError: [Errno 2] No such file or directory: '/var/jenkins/.cache/pre-commit/repomw8oee1s/py_env-python3/lib/python3.7/site-packages/__pycache__/six.cpython-37.pyc'
13:59:02
13:59:02  nox > Command pip install --progress-bar=off -r requirements/static/ci/py3.7/invoke.txt failed with exit code 1
13:59:02  nox > Session invoke-pre-commit failed.
```
 2021-05-27 09:32:39 -04:00
Pedro Algarvio
2ea5ad81a9 Compile the requirements 2021-05-05 06:48:41 -07:00
krionbsd
406f6a625f Update toml to 0.10.2 2021-01-16 17:31:58 -07:00
Pedro Algarvio
7efd60131b
Move CI static requirements to it's own subdirectory 2020-09-30 09:31:48 +01:00
Renamed from requirements/static/py3.8/lint.txt (Browse further)