zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-03-20 07:43:35 -05:00
Code Issues Packages Projects Releases Wiki Activity

Updated dependencies to reduce issues with dependabot and container scanning (#12180)

Browse Source 
Modify updater.sh to remove the local path references.
This commit is contained in:
John Westcott IV
2022-05-12 09:25:36 -04:00
committed by GitHub
parent 70697869d7
commit 78660ad0a2
10 changed files with 88 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/licenses/dictdiffer.txt
View File

@@ -1,28 +0,0 @@
Dictdiffer is free software; you can redistribute it and/or modify it
under the terms of the MIT License quoted below.
Copyright (C) 2013 Fatih Erikli.
Copyright (C) 2013, 2014 CERN.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
In applying this license, CERN does not waive the privileges and
immunities granted to it by virtue of its status as an
Intergovernmental Organization or submit itself to any jurisdiction.

27
docs/licenses/pyhamcrest.txt
View File

@@ -1,27 +0,0 @@
BSD License
Copyright 2011 hamcrest.org
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer. Redistributions in binary form must reproduce
the above copyright notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the distribution.
Neither the name of Hamcrest nor the names of its contributors may be used to endorse
or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.

60
docs/licenses/python-ldap.txt
View File

@@ -1,3 +1,63 @@
The MIT License applies to contributions committed after July 1st, 2021, and
to all contributions by the following authors:
* A. Karl Kornel
* Alex Willmer
* Aymeric Augustin
* Bernhard M. Wiedemann
* Bradley Baetz
* Christian Heimes
* Éloi Rivard
* Eyal Cherevatzki
* Florian Best
* Fred Thomsen
* Ivan A. Melnikov
* johnthagen
* Jonathon Reinhart
* Jon Dufresne
* Martin Basti
* Marti Raudsepp
* Miro Hrončok
* Paul Aurich
* Petr Viktorin
* Pieterjan De Potter
* Raphaël Barrois
* Robert Kuska
* Stanislav Láznička
* Tobias Bräutigam
* Tom van Dijk
* Wentao Han
* William Brown
-------------------------------------------------------------------------------
MIT License
Copyright (c) 2021 python-ldap contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Previous license:
The python-ldap package is distributed under Python-style license. The python-ldap package is distributed under Python-style license.

21
docs/licenses/ruamel-yaml.txt
View File

@@ -1,21 +0,0 @@
The MIT License (MIT)
Copyright (c) 2014-2019 Anthon van der Neut, Ruamel bvba
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

5
docs/licenses/twisted.txt
View File

@@ -1,4 +1,4 @@
Copyright (c) 2001-2016 Copyright (c) 2001-2022
Allen Short Allen Short
Amber Hawkie Brown Amber Hawkie Brown
Andrew Bennetts Andrew Bennetts
@@ -10,6 +10,7 @@ Benjamin Bruheim
Bob Ippolito Bob Ippolito
Canonical Limited Canonical Limited
Christopher Armstrong Christopher Armstrong
Ciena Corporation
David Reid David Reid
Divmod Inc. Divmod Inc.
Donovan Preston Donovan Preston
@@ -44,8 +45,10 @@ Sean Riley
Software Freedom Conservancy Software Freedom Conservancy
Tavendo GmbH Tavendo GmbH
Thijs Triemstra Thijs Triemstra
Thomas Grainger
Thomas Herve Thomas Herve
Timothy Allen Timothy Allen
Tom Most
Tom Prince Tom Prince
Travis B. Hartwell Travis B. Hartwell

6
requirements/README.md
View File

@@ -16,12 +16,6 @@ then run the script:
NOTE: `./updater.sh` uses /usr/bin/python3.6, to match the current python version NOTE: `./updater.sh` uses /usr/bin/python3.6, to match the current python version
(3.6) used to build releases. (3.6) used to build releases.
##### Note - watch out for the updater script, using paths local to your machine instead of generalized paths; ie
```bash
# via -r /awx_devel/requirements/requirements.in <-RIGHT
# via -r /home/foo/bar/awx/requirements/requirements.in <-WRONG
```
#### Upgrading Unpinned Dependency #### Upgrading Unpinned Dependency
If you require a new version of a dependency that does not have a pinned version If you require a new version of a dependency that does not have a pinned version

10
requirements/requirements.in
View File

@@ -5,7 +5,7 @@ autobahn>=20.12.3 # CVE-2020-35678
azure-keyvault==1.1.0 # see UPGRADE BLOCKERs azure-keyvault==1.1.0 # see UPGRADE BLOCKERs
channels channels
channels-redis>=3.1.0 # https://github.com/django/channels_redis/issues/212 channels-redis>=3.1.0 # https://github.com/django/channels_redis/issues/212
cryptography>=35.0.0 cryptography>=36.0.2,<37.0.0 # Until paramiko fixes https://github.com/paramiko/paramiko/issues/2038 we don't want to go to 37 or we end up with blowfish warnings in the job output
Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
daphne daphne
distro distro
@@ -30,8 +30,9 @@ irc
jinja2>=2.11.3 # CVE-2020-28493 jinja2>=2.11.3 # CVE-2020-28493
JSON-log-formatter JSON-log-formatter
jsonschema jsonschema
kubernetes>=12.0.0 # CVE-2020-1747
Markdown # used for formatting API help Markdown # used for formatting API help
openshift>=0.11.0 # minimum version to pull in new pyyaml for CVE-2017-18342 openshift>=0.12.0 # minimum version to pull in new pyyaml for CVE-2017-18342, minimum version to pull in new kubernetes for CVE-2020-1747
pexpect==4.7.0 # see library notes pexpect==4.7.0 # see library notes
prometheus_client prometheus_client
psycopg2 psycopg2
@@ -41,7 +42,7 @@ pyparsing
python3-saml==1.13.0 python3-saml==1.13.0
python-dsv-sdk python-dsv-sdk
python-tss-sdk==1.0.0 python-tss-sdk==1.0.0
python-ldap>=3.3.1 # https://github.com/python-ldap/python-ldap/issues/270 python-ldap>=3.4.0 # https://github.com/ansible/awx/security/dependabot/20
pyyaml>=5.4.1 # minimum to fix https://github.com/yaml/pyyaml/issues/478 pyyaml>=5.4.1 # minimum to fix https://github.com/yaml/pyyaml/issues/478
receptorctl==1.1.1 receptorctl==1.1.1
schedule==0.6.0 schedule==0.6.0
@@ -49,10 +50,11 @@ social-auth-core==4.2.0 # see UPGRADE BLOCKERs
social-auth-app-django==5.0.0 # see UPGRADE BLOCKERs social-auth-app-django==5.0.0 # see UPGRADE BLOCKERs
redis redis
requests requests
sqlparse>=0.4.2 # Required by Django, pinning for CVE-2021-32839
slack-sdk slack-sdk
tacacs_plus==1.0 # UPGRADE BLOCKER: auth does not work with later versions tacacs_plus==1.0 # UPGRADE BLOCKER: auth does not work with later versions
twilio twilio
twisted[tls]>=20.3.0 # CVE-2020-10108, CVE-2020-10109 twisted[tls]>=22.4.0 # CVE-2020-10108, CVE-2020-10109, CVE-2022-21712 (https://github.com/ansible/awx/security/dependabot/46), https://github.com/ansible/awx/security/dependabot/53
uWSGI uWSGI
uwsgitop uwsgitop
wheel wheel

31
requirements/requirements.txt
View File

@@ -82,8 +82,6 @@ defusedxml==0.6.0
# via # via
# python3-openid # python3-openid
# social-auth-core # social-auth-core
dictdiffer==0.8.1
# via openshift
distro==1.5.0 distro==1.5.0
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
django==3.2.13 django==3.2.13
@@ -153,7 +151,7 @@ idna==2.9
# requests # requests
# twisted # twisted
# yarl # yarl
incremental==17.5.0 incremental==21.3.0
# via twisted # via twisted
irc==18.0.0 irc==18.0.0
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
@@ -179,15 +177,15 @@ jaraco-text==3.2.0
# irc # irc
# jaraco-collections # jaraco-collections
jinja2==3.0.3 jinja2==3.0.3
# via # via -r /awx_devel/requirements/requirements.in
# -r /awx_devel/requirements/requirements.in
# openshift
json-log-formatter==0.3.0 json-log-formatter==0.3.0
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
jsonschema==3.2.0 jsonschema==3.2.0
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
kubernetes==11.0.0 kubernetes==23.3.0
# via openshift # via
# -r /awx_devel/requirements/requirements.in
# openshift
lockfile==0.12.2 lockfile==0.12.2
# via python-daemon # via python-daemon
lxml==4.7.0 lxml==4.7.0
@@ -223,7 +221,7 @@ oauthlib==3.2.0
# django-oauth-toolkit # django-oauth-toolkit
# requests-oauthlib # requests-oauthlib
# social-auth-core # social-auth-core
openshift==0.11.0 openshift==0.13.1
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
packaging==21.3 packaging==21.3
# via # via
@@ -260,8 +258,6 @@ pycparser==2.20
# via cffi # via cffi
pygerduty==0.38.2 pygerduty==0.38.2
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
pyhamcrest==2.0.2
# via twisted
pyjwt==2.3.0 pyjwt==2.3.0
# via # via
# adal # adal
@@ -286,7 +282,7 @@ python-dateutil==2.8.1
# receptorctl # receptorctl
python-dsv-sdk==0.0.1 python-dsv-sdk==0.0.1
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
python-ldap==3.3.1 python-ldap==3.4.0
# via # via
# -r /awx_devel/requirements/requirements.in # -r /awx_devel/requirements/requirements.in
# django-auth-ldap # django-auth-ldap
@@ -338,8 +334,6 @@ requests-oauthlib==1.3.1
# social-auth-core # social-auth-core
rsa==4.7.2 rsa==4.7.2
# via google-auth # via google-auth
ruamel-yaml==0.16.10
# via openshift
schedule==0.6.0 schedule==0.6.0
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
semantic-version==2.9.0 semantic-version==2.9.0
@@ -382,8 +376,10 @@ social-auth-core==4.2.0
# via # via
# -r /awx_devel/requirements/requirements.in # -r /awx_devel/requirements/requirements.in
# social-auth-app-django # social-auth-app-django
sqlparse==0.3.1 sqlparse==0.4.2
# via django # via
# -r /awx_devel/requirements/requirements.in
# django
tacacs-plus==1.0 tacacs-plus==1.0
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
tempora==2.1.0 tempora==2.1.0
@@ -394,7 +390,7 @@ tomli==2.0.1
# via setuptools-scm # via setuptools-scm
twilio==6.37.0 twilio==6.37.0
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
twisted[tls]==20.3.0 twisted[tls]==22.4.0
# via # via
# -r /awx_devel/requirements/requirements.in # -r /awx_devel/requirements/requirements.in
# daphne # daphne
@@ -404,6 +400,7 @@ typing-extensions==3.10.0.2
# via # via
# aiohttp # aiohttp
# setuptools-rust # setuptools-rust
# twisted
urllib3==1.26.5 urllib3==1.26.5
# via # via
# kubernetes # kubernetes

2
requirements/requirements_dev.txt
View File

@@ -1,7 +1,7 @@
django-debug-toolbar==3.2.4 django-debug-toolbar==3.2.4
django-rest-swagger django-rest-swagger
# pprofile - re-add once https://github.com/vpelletier/pprofile/issues/41 is addressed # pprofile - re-add once https://github.com/vpelletier/pprofile/issues/41 is addressed
ipython==7.21.0 ipython>=7.31.1 # https://github.com/ansible/awx/security/dependabot/30
unittest2 unittest2
black black
pytest!=7.0.0 pytest!=7.0.0

4
requirements/updater.sh
View File

@@ -32,6 +32,7 @@ generate_requirements() {
} }
main() { main() {
base_dir=$(pwd)
_tmp="$(mktemp -d --suffix .awx-requirements XXXX -p /tmp)" _tmp="$(mktemp -d --suffix .awx-requirements XXXX -p /tmp)"
trap _cleanup INT TERM EXIT trap _cleanup INT TERM EXIT
@@ -44,7 +45,8 @@ main() {
generate_requirements generate_requirements
cp -vf requirements.txt "${requirements}" echo "Changing $base_dir to /awx_devel/requirements"
cat requirements.txt | sed "s:$base_dir:/awx_devel/requirements:" > "${requirements}"
_cleanup _cleanup
} }