From e4d58438601ea8f8710795bd31f5a0ecfe6429d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 08:49:47 +0000 Subject: [PATCH 01/37] Bump tox from 3.24.5 to 4.15.0 in /tools/deps Bumps [tox](https://github.com/tox-dev/tox) from 3.24.5 to 4.15.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/3.24.5...4.15.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- tools/deps/requirements-tox.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index 635da349ea..433c4cab21 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -46,9 +46,9 @@ toml==0.10.2 \
 --hash=sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b \
 --hash=sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f
 # via tox
-tox==3.24.5 \
- --hash=sha256:be3362472a33094bce26727f5f771ca0facf6dafa217f65875314e9a6600c95c \
- --hash=sha256:67e0e32c90e278251fea45b696d0fef3879089ccbe979b0c556d35d5a70e2993
+tox==4.15.0 \
+ --hash=sha256:300055f335d855b2ab1b12c5802de7f62a36d4fd53f30bd2835f6a201dda46ea \
+ --hash=sha256:7a0beeef166fbe566f54f795b4906c31b428eddafc0102ac00d20998dd1933f6
 typing-extensions==4.9.0 \
 --hash=sha256:23478f88c37f27d76ac8aee6c905017a143b0b1b886c3c9f66bc2fd94f9f5783 \
 --hash=sha256:af72aea155e91adfc61c3ae9e0e342dbc0cba726d6cba4b6c72c1f34e47291cd
From a56458933c5c4fe528e700f5fce297c255654f8b Mon Sep 17 00:00:00 2001 From: Sweta Yadav Date: Mon, 20 May 2024 15:19:50 +0530 Subject: [PATCH 02/37] Added cachetools 5.3.3 and pyproject-api 1.6.1 --- tools/deps/requirements-tox.txt | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index 433c4cab21..5d8ed0d857 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -6,6 +6,10 @@ appdirs==1.4.4 \
 --hash=sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128 \
 --hash=sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41
 # via virtualenv
+cachetools==5.3.3 \
+ --hash=sha256:0abad1021d3f8325b2fc1d2e9c8b9c9d57b04c3932657a72465447332c24d945 \
+ --hash=sha256:ba29e2dfa0b8b556606f097407ed1aa62080ee108ab0dc5ec9d6a723a007d105
+ # via tox
 colorama==0.4.6; sys_platform == "win32" \
 --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
 --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
@@ -38,6 +42,10 @@ pyparsing==2.4.7 \
 --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b \
 --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1
 # via packaging
+pyproject-api==1.6.1 \
+ --hash=sha256:1817dc018adc0d1ff9ca1ed8c60e1623d5aaca40814b953af14a9cf9a5cae538 \
+ --hash=sha256:4c0116d60476b0786c88692cf4e325a9814965e2469c5998b830bba16b183675
+ # via tox
 six==1.16.0 \
 --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 \
 --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926
From 2054120302812e965c76ca8a13b397f2810508e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:23:08 +0530 Subject: [PATCH 03/37] Bump pluggy from 1.4.0 to 1.5.0 in /tools/deps (#4866) Bumps [pluggy](https://github.com/pytest-dev/pluggy) from 1.4.0 to 1.5.0. - [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pluggy/compare/1.4.0...1.5.0) --- updated-dependencies: - dependency-name: pluggy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-tests.txt | 6 +++--- tools/deps/requirements-tox.txt | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt
index b40ab238b0..fea33f522e 100644
--- a/tools/deps/requirements-tests.txt
+++ b/tools/deps/requirements-tests.txt
@@ -199,9 +199,9 @@ platformdirs==4.2.0 \
 --hash=sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068 \
 --hash=sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768
 # via black
-pluggy==1.4.0 \
- --hash=sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981 \
- --hash=sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be
+pluggy==1.5.0 \
+ --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \
+ --hash=sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669
 # via pytest
 pre-commit==2.16.0 \
 --hash=sha256:758d1dc9b62c2ed8881585c254976d66eae0889919ab9b859064fc2fe3c7743e \
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index 5d8ed0d857..86d8aaf783 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -30,9 +30,9 @@ packaging==24.0 \
 --hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
 --hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
 # via tox
-pluggy==1.4.0 \
- --hash=sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981 \
- --hash=sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be
+pluggy==1.5.0 \
+ --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \
+ --hash=sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669
 # via tox
 py==1.10.0 \
 --hash=sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a \
From e58e582b2187d1ef8e352bb53b4132fa0e05518e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:23:54 +0530 Subject: [PATCH 04/37] Bump py-cpuinfo from 8.0.0 to 9.0.0 in /tools/deps (#3677) Bumps [py-cpuinfo](https://github.com/workhorsy/py-cpuinfo) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/workhorsy/py-cpuinfo/releases) - [Changelog](https://github.com/workhorsy/py-cpuinfo/blob/master/ChangeLog) - [Commits](https://github.com/workhorsy/py-cpuinfo/compare/v8.0.0...v9.0.0) --- updated-dependencies: - dependency-name: py-cpuinfo dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-bench.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/deps/requirements-bench.txt b/tools/deps/requirements-bench.txt
index 235dc64fb0..5362c3a960 100644
--- a/tools/deps/requirements-bench.txt
+++ b/tools/deps/requirements-bench.txt
@@ -2,8 +2,9 @@
 # Modules needed by benchmarks.
 # This file is independent to not pollute other test environments.
 #
-py-cpuinfo==8.0.0 \
- --hash=sha256:5f269be0e08e33fd959de96b34cd4aeeeacac014dd8305f70eb28d06de2345c5
+py-cpuinfo==9.0.0 \
+ --hash=sha256:3cdbbf3fac90dc6f118bfd64384f309edeadd902d7c8fb17f02ffa1fc3f49690 \
+ --hash=sha256:859625bc251f64e21f077d099d4162689c762b5d6a4c3c97553d56241c9674d5
 pytest-benchmark==3.4.1 \
 --hash=sha256:36d2b08c4882f6f997fd3126a3d6dfd70f3249cde178ed8bbc0b73db7c20f809 \
 --hash=sha256:40e263f912de5a81d891619032983557d62a3d85843f9a9f30b98baea0cd7b47
From daca6e3541e8233b67898d26bc2d551fb9291121 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:24:24 +0530 Subject: [PATCH 05/37] Bump pytest-cov from 4.1.0 to 5.0.0 in /tools/deps (#4732) Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 4.1.0 to 5.0.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v4.1.0...v5.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-tests.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt
index fea33f522e..032506aaab 100644
--- a/tools/deps/requirements-tests.txt
+++ b/tools/deps/requirements-tests.txt
@@ -225,9 +225,9 @@ pyparsing==2.4.7 \
 --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 \
 --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b
 # via packaging
-pytest-cov==4.1.0 \
- --hash=sha256:3904b13dfbfec47f003b8e77fd5b589cd11904a21ddf1ab38a64f204d6a10ef6 \
- --hash=sha256:6ba70b9e97e69fcc3fb45bfeab2d0a138fb65c4d0d6a41ef33983ad114be8c3a
+pytest-cov==5.0.0 \
+ --hash=sha256:4f0764a1219df53214206bf1feea4633c3b558a2925c8b59f144f682861ce652 \
+ --hash=sha256:5837b58e9f6ebd335b0f8060eecce69b662415b16dc503883a02f45dfeb14857
 pytest-forked==1.6.0 \
 --hash=sha256:4dafd46a9a600f65d822b8f605133ecf5b3e1941ebb3588e943b4e3eb71a5a3f \
 --hash=sha256:810958f66a91afb1a1e2ae83089d8dc1cd2437ac96b12963042fbb9fb4d16af0
From 2f114c0f1c1654397046b50aba860561d51c79e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:24:55 +0530 Subject: [PATCH 06/37] Bump pytest-timeout from 2.2.0 to 2.3.1 in /tools/deps (#4679) Bumps [pytest-timeout](https://github.com/pytest-dev/pytest-timeout) from 2.2.0 to 2.3.1. - [Commits](https://github.com/pytest-dev/pytest-timeout/compare/2.2.0...2.3.1) --- updated-dependencies: - dependency-name: pytest-timeout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-tests.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt
index 032506aaab..150d9cddbc 100644
--- a/tools/deps/requirements-tests.txt
+++ b/tools/deps/requirements-tests.txt
@@ -232,9 +232,9 @@ pytest-forked==1.6.0 \
 --hash=sha256:4dafd46a9a600f65d822b8f605133ecf5b3e1941ebb3588e943b4e3eb71a5a3f \
 --hash=sha256:810958f66a91afb1a1e2ae83089d8dc1cd2437ac96b12963042fbb9fb4d16af0
 # via pytest-xdist
-pytest-timeout==2.2.0 \
- --hash=sha256:3b0b95dabf3cb50bac9ef5ca912fa0cfc286526af17afc806824df20c2f72c90 \
- --hash=sha256:bde531e096466f49398a59f2dde76fa78429a09a12411466f88a07213e220de2
+pytest-timeout==2.3.1 \
+ --hash=sha256:12397729125c6ecbdaca01035b9e5239d4db97352320af155b3f5de1ba5165d9 \
+ --hash=sha256:68188cb703edfc6a18fad98dc25a3c61e9f24d644b0b70f33af545219fc7813e
 pytest-xdist==3.5.0 \
 --hash=sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a \
 --hash=sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24
From 7c4e379e55e3071d2cc43f0834f855b97479e72c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:26:48 +0530 Subject: [PATCH 07/37] Bump pytest-benchmark from 3.4.1 to 4.0.0 in /tools/deps (#4072) Bumps [pytest-benchmark](https://github.com/ionelmc/pytest-benchmark) from 3.4.1 to 4.0.0. - [Changelog](https://github.com/ionelmc/pytest-benchmark/blob/master/CHANGELOG.rst) - [Commits](https://github.com/ionelmc/pytest-benchmark/compare/v3.4.1...v4.0.0) --- updated-dependencies: - dependency-name: pytest-benchmark dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> --- tools/deps/requirements-bench.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-bench.txt b/tools/deps/requirements-bench.txt
index 5362c3a960..1c8cdf3a30 100644
--- a/tools/deps/requirements-bench.txt
+++ b/tools/deps/requirements-bench.txt
@@ -2,9 +2,9 @@
 # Modules needed by benchmarks.
 # This file is independent to not pollute other test environments.
 #
+pytest-benchmark==4.0.0 \
+ --hash=sha256:fb0785b83efe599a6a956361c0691ae1dbb5318018561af10f3e915caa0048d1 \
+ --hash=sha256:fdb7db64e31c8b277dff9850d2a2556d8b60bcb0ea6524e36e28ffd7c87f71d6
 py-cpuinfo==9.0.0 \
 --hash=sha256:3cdbbf3fac90dc6f118bfd64384f309edeadd902d7c8fb17f02ffa1fc3f49690 \
 --hash=sha256:859625bc251f64e21f077d099d4162689c762b5d6a4c3c97553d56241c9674d5
-pytest-benchmark==3.4.1 \
- --hash=sha256:36d2b08c4882f6f997fd3126a3d6dfd70f3249cde178ed8bbc0b73db7c20f809 \
- --hash=sha256:40e263f912de5a81d891619032983557d62a3d85843f9a9f30b98baea0cd7b47
From b1be39fd810cc9341376add331426204103efff8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:27:27 +0530 Subject: [PATCH 08/37] Bump pytest from 7.4.4 to 8.2.1 in /tools/deps (#4888) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 8.2.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.4.4...8.2.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-tests.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt
index 150d9cddbc..3602cf6ecb 100644
--- a/tools/deps/requirements-tests.txt
+++ b/tools/deps/requirements-tests.txt
@@ -238,9 +238,9 @@ pytest-timeout==2.3.1 \
 pytest-xdist==3.5.0 \
 --hash=sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a \
 --hash=sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24
-pytest==7.4.4 \
- --hash=sha256:2cf0005922c6ace4a3e2ec8b4080eb0d9753fdc93107415332f50ce9e7994280 \
- --hash=sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8
+pytest==8.2.1 \
+ --hash=sha256:5046e5b46d8e4cac199c373041f26be56fdb81eb4e67dc11d4e10811fc3408fd \
+ --hash=sha256:faccc5d332b8c3719f40283d0d44aa5cf101cec36f88cde9ed8f2bc0538612b1
 # via pytest-cov, pytest-forked, pytest-timeout, pytest-xdist
 pywinauto==0.6.8 ; sys_platform == "win32" \
 --hash=sha256:931ce622d7f402b1892ab472987a1332e4c0681bf87e106f798390d16ca95e58
From dd8f517d99096613e2176b29a2a0d7c131400234 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:27:54 +0530 Subject: [PATCH 09/37] Bump filelock from 3.12.4 to 3.14.0 in /tools/deps (#4833) Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.12.4 to 3.14.0. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/py-filelock/compare/3.12.4...3.14.0) --- updated-dependencies: - dependency-name: filelock dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-tox.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index 86d8aaf783..95404ee695 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -18,9 +18,9 @@ distlib==0.3.8 \
 --hash=sha256:034db59a0b96f8ca18035f36290806a9a6e6bd9d1ff91e45a7f172eb17e51784 \
 --hash=sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64
 # via virtualenv
-filelock==3.12.4 \
- --hash=sha256:08c21d87ded6e2b9da6728c3dff51baf1dcecf973b768ef35bcbc3447edb9ad4 \
- --hash=sha256:2e6f249f1f3654291606e046b09f1fd5eac39b360664c27f5aad072012f8bcbd
+filelock==3.14.0 \
+ --hash=sha256:43339835842f110ca7ae60f1e1c160714c5a6afd15a2873419ab185334975c0f \
+ --hash=sha256:6ea72da3be9b8c82afd3edcf99f2fffbb5076335a5ae4d03248bb5b6c3eae78a
 # via tox
 importlib-metadata==7.0.1 \
 --hash=sha256:4805911c3a4ec7c3966410053e9ec6a1fecd629117df5adee56dfc9432a1081e \
From 4b0e372fe533e5747b8f4e11863c37fbe57318c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:28:15 +0530 Subject: [PATCH 10/37] Bump virtualenv from 20.4.7 to 20.26.2 in /tools/deps (#4887) Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.4.7 to 20.26.2. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](https://github.com/pypa/virtualenv/compare/20.4.7...20.26.2) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-tox.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index 95404ee695..601675d0d0 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -61,9 +61,9 @@ typing-extensions==4.9.0 \
 --hash=sha256:23478f88c37f27d76ac8aee6c905017a143b0b1b886c3c9f66bc2fd94f9f5783 \
 --hash=sha256:af72aea155e91adfc61c3ae9e0e342dbc0cba726d6cba4b6c72c1f34e47291cd
 # via importlib-metadata
-virtualenv==20.4.7 \
- --hash=sha256:2b0126166ea7c9c3661f5b8e06773d28f83322de7a3ff7d06f0aed18c9de6a76 \
- --hash=sha256:14fdf849f80dbb29a4eb6caa9875d476ee2a5cf76a5f5415fa2f1606010ab467
+virtualenv==20.26.2 \
+ --hash=sha256:82bf0f4eebbb78d36ddaee0283d43fe5736b53880b8a8cdcd37390a07ac3741c \
+ --hash=sha256:a624db5e94f01ad993d476b9ee5346fdf7b9de43ccaee0e0197012dc838a0e9b
 # via tox
 zipp==3.18.0 \
 --hash=sha256:c1bb803ed69d2cce2373152797064f7e79bc43f0a3748eb494096a867e0ebf79 \
From 6899de3e99bbdf21fab6d6faea784f99c47f4efa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:28:40 +0530 Subject: [PATCH 11/37] Bump chardet from 4.0.0 to 5.2.0 in /tools/deps (#4054) Bumps [chardet](https://github.com/chardet/chardet) from 4.0.0 to 5.2.0. - [Release notes](https://github.com/chardet/chardet/releases) - [Commits](https://github.com/chardet/chardet/compare/4.0.0...5.2.0) --- updated-dependencies: - dependency-name: chardet dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements.txt b/tools/deps/requirements.txt
index f21efedb1f..d2cf3b86b1 100644
--- a/tools/deps/requirements.txt
+++ b/tools/deps/requirements.txt
@@ -72,9 +72,9 @@ cffi==1.16.0 \
 --hash=sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956 \
 --hash=sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357
 # via cryptography
-chardet==4.0.0 \
- --hash=sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 \
- --hash=sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa
+chardet==5.2.0 \
+ --hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \
+ --hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970
 # via requests
 charset-normalizer==2.1.1 \
 --hash=sha256:5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845 \
From 50a1945af3061c293b8e8560945f226ed500d833 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 15:29:23 +0530 Subject: [PATCH 12/37] Bump py from 1.10.0 to 1.11.0 in /tools/deps (#3676) Bumps [py](https://github.com/pytest-dev/py) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/pytest-dev/py/releases) - [Changelog](https://github.com/pytest-dev/py/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/py/compare/1.10.0...1.11.0) --- updated-dependencies: - dependency-name: py dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sweta Yadav --- tools/deps/requirements-tests.txt | 6 +++--- tools/deps/requirements-tox.txt | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt
index 3602cf6ecb..ede248ceb5 100644
--- a/tools/deps/requirements-tests.txt
+++ b/tools/deps/requirements-tests.txt
@@ -206,9 +206,9 @@ pluggy==1.5.0 \
 pre-commit==2.16.0 \
 --hash=sha256:758d1dc9b62c2ed8881585c254976d66eae0889919ab9b859064fc2fe3c7743e \
 --hash=sha256:fe9897cac830aa7164dbd02a4e7b90cae49630451ce88464bca73db486ba9f65
-py==1.10.0 \
- --hash=sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a \
- --hash=sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3
+py==1.11.0 \
+ --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \
+ --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378
 # via pytest
 pycodestyle==2.11.1 \
 --hash=sha256:41ba0e7afc9752dfb53ced5489e89f8186be00e599e712660695b7a75ff2663f \
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index 601675d0d0..ac6c9a13d9 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -34,9 +34,9 @@ pluggy==1.5.0 \
 --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \
 --hash=sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669
 # via tox
-py==1.10.0 \
- --hash=sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a \
- --hash=sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3
+py==1.11.0 \
+ --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \
+ --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378
 # via tox
 pyparsing==2.4.7 \
 --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b \
From c297aa434a6fb28ae14c0a56b9d846814eca6dfb Mon Sep 17 00:00:00 2001 From: Sweta Yadav Date: Mon, 20 May 2024 15:55:04 +0530 Subject: [PATCH 13/37] Removed pyproject-api --- tools/deps/requirements-tox.txt | 4 ---- 1 file changed, 4 deletions(-)
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index ac6c9a13d9..e9148001f2 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -42,10 +42,6 @@ pyparsing==2.4.7 \
 --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b \
 --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1
 # via packaging
-pyproject-api==1.6.1 \
- --hash=sha256:1817dc018adc0d1ff9ca1ed8c60e1623d5aaca40814b953af14a9cf9a5cae538 \
- --hash=sha256:4c0116d60476b0786c88692cf4e325a9814965e2469c5998b830bba16b183675
- # via tox
 six==1.16.0 \
 --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 \
 --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926
From 9df142a8abbb6e22a2a437e2a114772dbad9073c Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Wed, 22 May 2024 14:53:55 +0530 Subject: [PATCH 14/37] Added pyproject-api and colorama in MacOS --- tools/deps/requirements-tox.txt | 6 +++++- tox.ini | 1 + 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index e9148001f2..1f95d71e62 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -10,7 +10,7 @@ cachetools==5.3.3 \
 --hash=sha256:0abad1021d3f8325b2fc1d2e9c8b9c9d57b04c3932657a72465447332c24d945 \
 --hash=sha256:ba29e2dfa0b8b556606f097407ed1aa62080ee108ab0dc5ec9d6a723a007d105
 # via tox
-colorama==0.4.6; sys_platform == "win32" \
+colorama==0.4.6 \
 --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
 --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
 # via tox
@@ -42,6 +42,10 @@ pyparsing==2.4.7 \ --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b \ --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 # via packaging +pyproject-api==1.6.1 \ + --hash=sha256:1817dc018adc0d1ff9ca1ed8c60e1623d5aaca40814b953af14a9cf9a5cae538 \ + --hash=sha256:4c0116d60476b0786c88692cf4e325a9814965e2469c5998b830bba16b183675 + # via tox six==1.16.0 \ --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 \ --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 diff --git a/tox.ini b/tox.ini index 1f57d68c31..80de4b0bd4 100644 --- a/tox.ini +++ b/tox.ini @@ -148,5 +148,6 @@ passenv = {[base]passenv} deps = {[base]deps} commands = {[base]commands} + python -m pip install --upgrade pip python -m pytest {posargs} tests/unit --ignore=tests/unit/test_tracing.py python -m pytest {posargs} tests/unit/test_tracing.py -n0 --cov-append From 8ee51f13ccd7e0430063326b20dac7cfa0830360 Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Wed, 22 May 2024 14:57:16 +0530 Subject: [PATCH 15/37] Added tomli in tox file --- tools/deps/requirements-tox.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt index 1f95d71e62..beeeb1c28f 100644 --- a/tools/deps/requirements-tox.txt +++ b/tools/deps/requirements-tox.txt 
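Review bot: The `python -m pip install --upgrade pip` line added to `commands` in the tox.ini hunk of PATCH 14/37 installs whatever pip release is current when the tests run, with no version pin and no `--hash`, while every other package touched in this series comes from hash-pinned requirement files. That makes the environment non-reproducible and lets an unreviewed installer version in ahead of the pinned installs. If a newer pip is really required, pin it with hashes in one of the `tools/deps/requirements-*.txt` files instead of upgrading inside `commands`; PATCH 18/37 later drops this line again. The section this hunk edits starts outside the hunk.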
@@ -57,6 +57,13 @@ toml==0.10.2 \ tox==4.15.0 \ --hash=sha256:300055f335d855b2ab1b12c5802de7f62a36d4fd53f30bd2835f6a201dda46ea \ --hash=sha256:7a0beeef166fbe566f54f795b4906c31b428eddafc0102ac00d20998dd1933f6 +tomli==2.0.1 \ + --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \ + --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f + # via + # build + # pip-tools + # pyproject-hooks typing-extensions==4.9.0 \ --hash=sha256:23478f88c37f27d76ac8aee6c905017a143b0b1b886c3c9f66bc2fd94f9f5783 \ --hash=sha256:af72aea155e91adfc61c3ae9e0e342dbc0cba726d6cba4b6c72c1f34e47291cd From e0cfc7e357961208a9e245ae7a4d88e555bbf595 Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Wed, 22 May 2024 14:58:32 +0530 Subject: [PATCH 16/37] added cardet in tox file --- tools/deps/requirements-tox.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt index beeeb1c28f..14c021a141 100644 --- a/tools/deps/requirements-tox.txt +++ b/tools/deps/requirements-tox.txt @@ -10,6 +10,10 @@ cachetools==5.3.3 \ --hash=sha256:0abad1021d3f8325b2fc1d2e9c8b9c9d57b04c3932657a72465447332c24d945 \ --hash=sha256:ba29e2dfa0b8b556606f097407ed1aa62080ee108ab0dc5ec9d6a723a007d105 # via tox +chardet==5.2.0 \ + --hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \ + --hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970 + # via tox colorama==0.4.6 \ --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \ --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6 From b69b16f248d1fce5aab1b5f854195eef719aa471 Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Wed, 22 May 2024 14:59:54 +0530 Subject: [PATCH 17/37] Added platformdirs in tox file --- tools/deps/requirements-tox.txt | 4 ++++ 1 file changed, 4 insertions(+) 
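Review bot: The `# via build / pip-tools / pyproject-hooks` annotation on the added `tomli==2.0.1` entry (PATCH 15/37) names packages that appear nowhere in the requirements-tox.txt hunks on this page, so it looks copied from another requirements file; as far as I know tox 4 itself needs tomli on Python < 3.11, which would make `# via tox` the accurate provenance. The `platformdirs` entry added in PATCH 17/37 and bumped in 20/37 has the same problem with `# via black`. These comments are what an auditor reads to decide why a package is in the install set, so regenerate the file with the resolver (for example `pip-compile --generate-hashes`) rather than adding entries by hand; that also shows whether `py`, `six` and `toml`, still marked `# via tox`, are needed by tox 4 at all. `py` is the one to check first: the changelog hunk in PATCH 21/37 credits the 1.11.0 bump with a ReDoS fix, and as far as I know the published advisory still lists 1.11.0 as affected, so removing the pin where nothing requires it would be the actual remediation; please verify.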
diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt
index 14c021a141..75664992d9 100644
--- a/tools/deps/requirements-tox.txt
+++ b/tools/deps/requirements-tox.txt
@@ -34,6 +34,10 @@ packaging==24.0 \
 --hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
 --hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
 # via tox
+platformdirs==4.2.0 \
+ --hash=sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068 \
+ --hash=sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768
+ # via black
 pluggy==1.5.0 \
 --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \
 --hash=sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669
From 0d1307bb3ca22fceb0363728b20e4beaffc850b2 Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Wed, 22 May 2024 17:21:46 +0530 Subject: [PATCH 18/37] Updating colorama in all platforms --- tools/deps/requirements-pip.txt | 2 +- tools/deps/requirements-tests.txt | 2 +- tox.ini | 1 - 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/tools/deps/requirements-pip.txt b/tools/deps/requirements-pip.txt
index 5eaf37ba06..e8cdde85ae 100644
--- a/tools/deps/requirements-pip.txt
+++ b/tools/deps/requirements-pip.txt
@@ -10,7 +10,7 @@ click==8.1.7 \
 --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
 --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
 # via pip-tools
-colorama==0.4.6 ; sys_platform == "win32" \
+colorama==0.4.6 \
 --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
 --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
 # via click
diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt
index ede248ceb5..3ced37f6d9 100644
--- a/tools/deps/requirements-tests.txt
+++ b/tools/deps/requirements-tests.txt
@@ -45,7 +45,7 @@ click==8.1.7 \ codespell==2.2.6 \ --hash=sha256:9ee9a3e5df0990604013ac2a9f22fa8e57669c827124a2e961fe8a1da4cacc07 \ --hash=sha256:a8c65d8eb3faa03deabab6b3bbe798bea72e1799c7e9e955d57eca4096abcff9 -colorama==0.4.6; sys_platform == "win32" \ +colorama==0.4.6 \ --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \ --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6 # via pytest diff --git a/tox.ini b/tox.ini index 80de4b0bd4..1f57d68c31 100644 --- a/tox.ini +++ b/tox.ini @@ -148,6 +148,5 @@ passenv = {[base]passenv} deps = {[base]deps} commands = {[base]commands} - python -m pip install --upgrade pip python -m pytest {posargs} tests/unit --ignore=tests/unit/test_tracing.py python -m pytest {posargs} tests/unit/test_tracing.py -n0 --cov-append From c49d5682379f658762a18dc66e7a316e9cb27d38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 May 2024 17:39:30 +0530 Subject: [PATCH 19/37] Bump platformdirs from 4.2.0 to 4.2.2 in /tools/deps (#4894) Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.2.0 to 4.2.2. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/platformdirs/platformdirs/compare/4.2.0...4.2.2) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/deps/requirements-tests.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt index 3ced37f6d9..522c5940f9 100644 --- a/tools/deps/requirements-tests.txt +++ b/tools/deps/requirements-tests.txt 
@@ -195,9 +195,9 @@ pathspec==0.12.1 \ --hash=sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08 \ --hash=sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712 # via black -platformdirs==4.2.0 \ - --hash=sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068 \ - --hash=sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768 +platformdirs==4.2.2 \ + --hash=sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee \ + --hash=sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3 # via black pluggy==1.5.0 \ --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \ From 8f889c0ee6ec552c823259c08995381262e5af1b Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Wed, 22 May 2024 17:41:00 +0530 Subject: [PATCH 20/37] updated platformdirs in tox file --- tools/deps/requirements-tox.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt index 75664992d9..325d33aaeb 100644 --- a/tools/deps/requirements-tox.txt +++ b/tools/deps/requirements-tox.txt @@ -34,9 +34,9 @@ packaging==24.0 \ --hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \ --hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9 # via tox -platformdirs==4.2.0 \ - --hash=sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068 \ - --hash=sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768 +platformdirs==4.2.2 \ + --hash=sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee \ + --hash=sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3 # via black pluggy==1.5.0 \ --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \ From 9cbf78bac115fb20f6ce2b7db9c78a597d2d18ee Mon Sep 17 00:00:00 2001 
From: swetayadav1 Date: Wed, 22 May 2024 17:49:32 +0530 Subject: [PATCH 21/37] Updated md file --- docs/changes/5.5.0.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index 829ff5fd9a..a889ed11d2 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md @@ -27,7 +27,7 @@ Release date: `2024-xx-xx` ## Tests -- [NXDRIVE-2](https://jira.nuxeo.com/browse/NXDRIVE-2): +- [NXDRIVE-2933](https://jira.nuxeo.com/browse/NXDRIVE-2933): Fix ReDoS in py library when used with subversion ## Docs @@ -36,6 +36,8 @@ Release date: `2024-xx-xx` ## Minor Changes - Added `build` 1.1.1 +- Added `cachetools` 5.3.3 +- Added `pyproject-api` 1.6.1 - Added `pyproject-hooks` 1.0.0 - Added `PyQt5-Qt5` 5.15.13 (for MAC) - Added `PyQt5-Qt5` 5.15.2 (for Windows and Linux) @@ -52,6 +54,7 @@ Release date: `2024-xx-xx` - Upgraded `black` from 23.9.1 to 23.12.1 - Upgraded `boto3` from 1.28.50 to 1.34.17 - Upgraded `botocore` from 1.31.50 to 1.34.17 +- Upgraded `chardet` from 4.0.0 to 5.2.0 - Upgraded `cffi` from 1.15.1 to 1.16.1 - Upgraded `click` from 8.0.1 to 8.1.7 - Upgraded `codecov/codecov-action` from 3.1.4 to 3.1.5 @@ -64,6 +67,7 @@ Release date: `2024-xx-xx` - Upgraded `dukpy` from 0.2.3 to 0.3.1 - Upgraded `exceptiongroup` from 1.1.3 to 1.2.0 - Upgraded `faker` from 19.6.2 to 22.0.0 +- Upgraded `filelock` from 3.12.4 to 3.14.0 - Upgraded `identify` from 2.5.29 to 2.5.33 - Upgraded `idna` from 3.4 to 3.6 - Upgraded `importlib-metadata` from 6.8.0 to 7.0.1 
@@ -75,8 +79,9 @@ Release date: `2024-xx-xx` - Upgraded `pep517` from 0.10.0 to 0.13.1 - Upgraded `pip` from 22.0.4 to 24.0 - Upgraded `pip-tools` from 6.5.1 to 7.4.1 -- Upgraded `platformdirs` from 3.10.0 to 4.2.0 -- Upgraded `pluggy` from 1.3.0 to 1.4.0 +- Upgraded `platformdirs` from 4.2.0 to 4.2.2 +- Upgraded `pluggy` from 1.4.0 to 1.5.0 +- Upgraded `py` from 1.10.0 to 1.11.0 - Upgraded `pycodestyle` from 2.11.0 to 2.11.1 - Upgraded `pyfakefs` from 5.3.4 to 5.3.5 - Upgraded `pyinstaller` from 5.0 to 5.13.2 @@ -89,8 +94,11 @@ Release date: `2024-xx-xx` - Upgraded `pyobjc-framework-systemconfiguration` from 7.3 to 10.1 - Upgraded `pyqt5` from 5.15.2 to 5.15.10 - Upgraded `pyqt5-sip` from 12.8.1 to 12.13.0 -- Upgraded `pytest` from 7.4.0 to 7.4.4 -- Upgraded `pytest-timeout` from 2.0.2 to 2.2.0 +- Upgraded `pytest` from 7.4.4 to 8.2.1 +- Upgraded `py-cpuinfo` from 8.0.0 to 9.0.0 +- Upgraded `pytest-benchmark` from 3.4.1 to 4.0.0 +- Upgraded `pytest-cov` from 4.1.0 to 5.0.0 +- Upgraded `pytest-timeout` from 2.2.0 to 2.3.1 - Upgraded `pytest-xdist` from 3.3.1 to 3.5.0 - Upgraded `pywin32-ctypes` from 0.2.0 to 0.2.2 - Upgraded `pyyaml` from 5.4.1 to 6.0.1 @@ -98,8 +106,10 @@ Release date: `2024-xx-xx` - Upgraded `responses` from 0.23.3 to 0.24.1 - Upgraded `s3transfer` from 0.6.0 to 0.10.0 - Upgraded `tld` from 0.12.6 to 0.13 +- Upgraded `tox` from 3.24.5 to 4.15.0 - Upgraded `types-python-dateutil` from 2.8.19.2 to 2.8.19.20240106 - Upgraded `typing-extensions` from 4.7.1 to 4.9.0 +- Upgraded `virtualenv` from 20.4.7 to 20.26.2 - Upgraded `vulture` from 2.10 to 2.11 - Upgraded `watchdog` from 2.1.6 to 3.0.0 - Upgraded `wcwidth` from 0.2.6 to 0.2.13 From 80d15862cada21ebef8ecaeac916207ba58c38ae Mon Sep 17 00:00:00 2001 
From: swetayadav1 Date: Wed, 22 May 2024 18:00:25 +0530 Subject: [PATCH 22/37] Removed py and pytest-forked as it depends on py --- docs/changes/5.5.0.md | 1 - tools/deps/requirements-tests.txt | 8 -------- tools/deps/requirements-tox.txt | 4 ---- 3 files changed, 13 deletions(-) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index a889ed11d2..9282dee75c 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md @@ -81,7 +81,6 @@ Release date: `2024-xx-xx` - Upgraded `pip-tools` from 6.5.1 to 7.4.1 - Upgraded `platformdirs` from 4.2.0 to 4.2.2 - Upgraded `pluggy` from 1.4.0 to 1.5.0 -- Upgraded `py` from 1.10.0 to 1.11.0 - Upgraded `pycodestyle` from 2.11.0 to 2.11.1 - Upgraded `pyfakefs` from 5.3.4 to 5.3.5 - Upgraded `pyinstaller` from 5.0 to 5.13.2 diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt index 522c5940f9..ef213d0e0e 100644 --- a/tools/deps/requirements-tests.txt +++ b/tools/deps/requirements-tests.txt @@ -206,10 +206,6 @@ pluggy==1.5.0 \ pre-commit==2.16.0 \ --hash=sha256:758d1dc9b62c2ed8881585c254976d66eae0889919ab9b859064fc2fe3c7743e \ --hash=sha256:fe9897cac830aa7164dbd02a4e7b90cae49630451ce88464bca73db486ba9f65 -py==1.11.0 \ - --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \ - --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378 - # via pytest pycodestyle==2.11.1 \ --hash=sha256:41ba0e7afc9752dfb53ced5489e89f8186be00e599e712660695b7a75ff2663f \ --hash=sha256:44fe31000b2d866f2e41841b18528a505fbd7fef9017b04eff4e2648a0fadc67 
@@ -228,10 +224,6 @@ pyparsing==2.4.7 \ pytest-cov==5.0.0 \ --hash=sha256:4f0764a1219df53214206bf1feea4633c3b558a2925c8b59f144f682861ce652 \ --hash=sha256:5837b58e9f6ebd335b0f8060eecce69b662415b16dc503883a02f45dfeb14857 -pytest-forked==1.6.0 \ - --hash=sha256:4dafd46a9a600f65d822b8f605133ecf5b3e1941ebb3588e943b4e3eb71a5a3f \ - --hash=sha256:810958f66a91afb1a1e2ae83089d8dc1cd2437ac96b12963042fbb9fb4d16af0 - # via pytest-xdist pytest-timeout==2.3.1 \ --hash=sha256:12397729125c6ecbdaca01035b9e5239d4db97352320af155b3f5de1ba5165d9 \ --hash=sha256:68188cb703edfc6a18fad98dc25a3c61e9f24d644b0b70f33af545219fc7813e diff --git a/tools/deps/requirements-tox.txt b/tools/deps/requirements-tox.txt index 325d33aaeb..2fc31d3a2c 100644 --- a/tools/deps/requirements-tox.txt +++ b/tools/deps/requirements-tox.txt @@ -42,10 +42,6 @@ pluggy==1.5.0 \ --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \ --hash=sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669 # via tox -py==1.11.0 \ - --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \ - --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378 - # via tox pyparsing==2.4.7 \ --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b \ --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 From e02e4cef97b60adb38bdabcc22b3fd90d6353d24 Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Wed, 22 May 2024 18:11:27 +0530 Subject: [PATCH 23/37] Updated md file --- docs/changes/5.5.0.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index 9282dee75c..49fa7a09f9 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md 
@@ -43,6 +43,8 @@ Release date: `2024-xx-xx` - Added `PyQt5-Qt5` 5.15.2 (for Windows and Linux) - Added `setuptools` 69.5.1 - Added `tomli` 2.0.1 +- Removed `py` 1.10.0 +- Removed `pytest-forked` 1.6.0 - Removed `toml` 0.10.2 - Upgraded `actions/cache` from 3 to 4 - Upgraded `actions/download-artifact` from 3 to 4 From 975447ba10e358de30a0ee3d65fba1f197500f82 Mon Sep 17 00:00:00 2001 From: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> Date: Thu, 23 May 2024 20:49:11 +0530 Subject: [PATCH 24/37] Update 5.5.0.md --- docs/changes/5.5.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index 49fa7a09f9..2ca4b92532 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md @@ -27,7 +27,7 @@ Release date: `2024-xx-xx` ## Tests -- [NXDRIVE-2933](https://jira.nuxeo.com/browse/NXDRIVE-2933): Fix ReDoS in py library when used with subversion +- [NXDRIVE-2933](https://jira.nuxeo.com/browse/NXDRIVE-2933): Fix redos in py library when used with subversion ## Docs From b260682330ab12fcf41303246d9b8a7d1895172f Mon Sep 17 00:00:00 2001 From: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> Date: Tue, 28 May 2024 02:49:08 -0700 Subject: [PATCH 25/37] NXDRIVE-2936: Fix security issue Requests Session object does not verify requests after making first request with verify=False (#4924) * --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * Update 5.5.0.md * Update 5.5.0.md --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docs/changes/5.5.0.md | 2 ++ tools/deps/requirements.txt | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index 2ca4b92532..7dd8c35bde 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md 
@@ -24,6 +24,7 @@ Release date: `2024-xx-xx` - [NXDRIVE-2896](https://jira.nuxeo.com/browse/NXDRIVE-2896): Fix release build for upload/download artifact - [NXDRIVE-2926] (https://jira.nuxeo.com/browse/NXDRIVE-2926): Update github Action Runner to use mac-latest +- [NXDRIVE-2936] (https://jira.nuxeo.com/browse/NXDRIVE-2936): Fix security issue Requests Session object does not verify requests after making first request with verify=False ## Tests @@ -104,6 +105,7 @@ Release date: `2024-xx-xx` - Upgraded `pywin32-ctypes` from 0.2.0 to 0.2.2 - Upgraded `pyyaml` from 5.4.1 to 6.0.1 - Upgraded `regex` from 2023.8.8 to 2023.12.25 +- Upgraded `requests` from 2.31.0 to 2.32.2 - Upgraded `responses` from 0.23.3 to 0.24.1 - Upgraded `s3transfer` from 0.6.0 to 0.10.0 - Upgraded `tld` from 0.12.6 to 0.13 diff --git a/tools/deps/requirements.txt b/tools/deps/requirements.txt index d2cf3b86b1..edc4a0d15a 100644 --- a/tools/deps/requirements.txt +++ b/tools/deps/requirements.txt @@ -398,9 +398,9 @@ pywin32==301; sys_platform == "win32" \ --hash=sha256:8c9d33968aa7fcddf44e47750e18f3d034c3e443a707688a008a2e52bbef7e96 \ --hash=sha256:595d397df65f1b2e0beaca63a883ae6d8b6df1cdea85c16ae85f6d2e648133fe \ --hash=sha256:87604a4087434cd814ad8973bd47d6524bd1fa9e971ce428e76b62a5e0860fdf -requests==2.31.0 \ - --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \ - --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1 +requests==2.32.2 \ + --hash=sha256:dd951ff5ecf3e3b3aa26b40703ba77495dab41da839ae72ef3c8e5d8e2433289 \ + --hash=sha256:fc06670dd0ed212426dfeb94fc1b983d917c4f9847c863f313c9dfaaffb7c23c # via nuxeo send2trash==1.7.1; sys_platform != "darwin" \ --hash=sha256:c20fee8c09378231b3907df9c215ec9766a84ee20053d99fbad854fe8bd42159 \ From 13ae5bdedd1f8917d560b50098c738854f3e56ec Mon Sep 17 00:00:00 2001 
From: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> Date: Tue, 28 May 2024 19:01:44 +0530 Subject: [PATCH 26/37] NXDRIVE-2928: Fix security issue IDNA vulnerable to denial of service from specially crafted inputs to idna.encode (#4865) * Bump idna from 3.6 to 3.7 in /tools/deps Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Update 5.5.0.md --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docs/changes/5.5.0.md | 3 ++- tools/deps/requirements.txt | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index 515c99c06d..8c8b1005f0 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md @@ -25,6 +25,7 @@ Release date: `2024-xx-xx` - [NXDRIVE-2896](https://jira.nuxeo.com/browse/NXDRIVE-2896): Fix release build for upload/download artifact - [NXDRIVE-2923](https://jira.nuxeo.com/browse/NXDRIVE-2923): Download nuxeo package from nexus sonatatype - [NXDRIVE-2926] (https://jira.nuxeo.com/browse/NXDRIVE-2926): Update github Action Runner to use mac-latest +- [NXDRIVE-2928](https://jira.nuxeo.com/browse/NXDRIVE-2928): Fix security issue IDNA vulnerable to denial of service from specially crafted inputs to idna.encode - [NXDRIVE-2932] (https://jira.nuxeo.com/browse/NXDRIVE-2932): Fix Microsoft Visual Studio issue - [NXDRIVE-2936] (https://jira.nuxeo.com/browse/NXDRIVE-2936): Fix security issue Requests Session object does not verify requests after making first request with verify=False 
@@ -74,7 +75,7 @@ Release date: `2024-xx-xx` - Upgraded `faker` from 19.6.2 to 22.0.0 - Upgraded `filelock` from 3.12.4 to 3.14.0 - Upgraded `identify` from 2.5.29 to 2.5.33 -- Upgraded `idna` from 3.4 to 3.6 +- Upgraded `idna` from 3.6 to 3.7 - Upgraded `importlib-metadata` from 6.8.0 to 7.0.1 - Upgraded `junitparser` from 3.1.0 to 3.1.1 - Upgraded `more-itertools` from 10.1.0 to 10.2.0 diff --git a/tools/deps/requirements.txt b/tools/deps/requirements.txt index 9f50e864e6..557eebd10d 100644 --- a/tools/deps/requirements.txt +++ b/tools/deps/requirements.txt @@ -197,9 +197,9 @@ dukpy==0.3.1 \ --hash=sha256:f9500f910c0e50ec98763e7ff3c2e553f40c1f1513301e8a1b42005ccc5ac548 \ --hash=sha256:fbeb35a6c3be2c584bfc1d330b7718be0b1d62d5e85f596e60669f126ad7e6a7 # via pypac -idna==3.6 \ - --hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \ - --hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f +idna==3.7 \ + --hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \ + --hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0 # via requests jmespath==1.0.1 \ --hash=sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 \ From 736ec205f29131e901ba4429db4a14c8dde76704 Mon Sep 17 00:00:00 2001 From: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> Date: Tue, 28 May 2024 19:04:32 +0530 Subject: [PATCH 27/37] NXDRIVE-2927: Fix security issue black vulnerable to Regular Expression Denial of Service (ReDoS) (#4857) * Bump black from 23.12.1 to 24.4.2 in /tools/deps Bumps [black](https://github.com/psf/black) from 23.12.1 to 24.4.2. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/23.12.1...24.4.2) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] * Update 5.5.0.md --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docs/changes/5.5.0.md | 3 +- tools/deps/requirements-tests.txt | 46 +++++++++++++++---------------- 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index 8c8b1005f0..f3e6e1cfb7 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md @@ -25,6 +25,7 @@ Release date: `2024-xx-xx` - [NXDRIVE-2896](https://jira.nuxeo.com/browse/NXDRIVE-2896): Fix release build for upload/download artifact - [NXDRIVE-2923](https://jira.nuxeo.com/browse/NXDRIVE-2923): Download nuxeo package from nexus sonatatype - [NXDRIVE-2926] (https://jira.nuxeo.com/browse/NXDRIVE-2926): Update github Action Runner to use mac-latest +- [NXDRIVE-2927](https://jira.nuxeo.com/browse/NXDRIVE-2927): Fix Security issue Black vulnerable to Regular Expression Denial of Service (ReDoS) - [NXDRIVE-2928](https://jira.nuxeo.com/browse/NXDRIVE-2928): Fix security issue IDNA vulnerable to denial of service from specially crafted inputs to idna.encode - [NXDRIVE-2932] (https://jira.nuxeo.com/browse/NXDRIVE-2932): Fix Microsoft Visual Studio issue - [NXDRIVE-2936] (https://jira.nuxeo.com/browse/NXDRIVE-2936): Fix security issue Requests Session object does not verify requests after making first request with verify=False @@ -57,7 +58,7 @@ Release date: `2024-xx-xx` - Upgraded `apipkg` from 1.5 to 3.0.2 - Upgraded `attrs` from 23.1.0 to 23.2.0 - Upgraded `authlib` from 1.1.0 to 1.3.0 -- Upgraded `black` from 23.9.1 to 23.12.1 +- Upgraded `black` from 23.12.1 to 24.4.2 - Upgraded `boto3` from 1.28.50 to 1.34.17 - Upgraded `botocore` from 1.31.50 to 1.34.17 - Upgraded `chardet` from 4.0.0 to 5.2.0 diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt index ef213d0e0e..d6303d010a 100644 --- a/tools/deps/requirements-tests.txt 
+++ b/tools/deps/requirements-tests.txt 
@@ -15,29 +15,29 @@ attrs==23.2.0 \ --hash=sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30 \ --hash=sha256:99b87a485a5820b23b879f04c2305b44b951b502fd64be915879d77a7e8fc6f1 # via pytest -black==23.12.1 \ - --hash=sha256:0808494f2b2df923ffc5723ed3c7b096bd76341f6213989759287611e9837d50 \ - --hash=sha256:1fa88a0f74e50e4487477bc0bb900c6781dbddfdfa32691e780bf854c3b4a47f \ - --hash=sha256:25e57fd232a6d6ff3f4478a6fd0580838e47c93c83eaf1ccc92d4faf27112c4e \ - --hash=sha256:2d9e13db441c509a3763a7a3d9a49ccc1b4e974a47be4e08ade2a228876500ec \ - --hash=sha256:3e1b38b3135fd4c025c28c55ddfc236b05af657828a8a6abe5deec419a0b7055 \ - --hash=sha256:3fa4be75ef2a6b96ea8d92b1587dd8cb3a35c7e3d51f0738ced0781c3aa3a5a3 \ - --hash=sha256:4ce3ef14ebe8d9509188014d96af1c456a910d5b5cbf434a09fef7e024b3d0d5 \ - --hash=sha256:4f0031eaa7b921db76decd73636ef3a12c942ed367d8c3841a0739412b260a54 \ - --hash=sha256:602cfb1196dc692424c70b6507593a2b29aac0547c1be9a1d1365f0d964c353b \ - --hash=sha256:6d1bd9c210f8b109b1762ec9fd36592fdd528485aadb3f5849b2740ef17e674e \ - --hash=sha256:78baad24af0f033958cad29731e27363183e140962595def56423e626f4bee3e \ - --hash=sha256:8d4df77958a622f9b5a4c96edb4b8c0034f8434032ab11077ec6c56ae9f384ba \ - --hash=sha256:97e56155c6b737854e60a9ab1c598ff2533d57e7506d97af5481141671abf3ea \ - --hash=sha256:9c4352800f14be5b4864016882cdba10755bd50805c95f728011bcb47a4afd59 \ - --hash=sha256:a4d6a9668e45ad99d2f8ec70d5c8c04ef4f32f648ef39048d010b0689832ec6d \ - --hash=sha256:a920b569dc6b3472513ba6ddea21f440d4b4c699494d2e972a1753cdc25df7b0 \ - --hash=sha256:ae76c22bde5cbb6bfd211ec343ded2163bba7883c7bc77f6b756a1049436fbb9 \ - --hash=sha256:b18fb2ae6c4bb63eebe5be6bd869ba2f14fd0259bda7d18a46b764d8fb86298a \ - --hash=sha256:c04b6d9d20e9c13f43eee8ea87d44156b8505ca8a3c878773f68b4e4812a421e \ - --hash=sha256:c88b3711d12905b74206227109272673edce0cb29f27e1385f33b0163c414bba \ - --hash=sha256:dd15245c8b68fe2b6bd0f32c1556509d11bb33aec9b5d0866dd8e2ed3dba09c2 \ - 
--hash=sha256:e0aaf6041986767a5e0ce663c7a2f0e9eaf21e6ff87a5f95cbf3675bfd4c41d2 +black==24.4.2 \ + --hash=sha256:257d724c2c9b1660f353b36c802ccece186a30accc7742c176d29c146df6e474 \ + --hash=sha256:37aae07b029fa0174d39daf02748b379399b909652a806e5708199bd93899da1 \ + --hash=sha256:415e686e87dbbe6f4cd5ef0fbf764af7b89f9057b97c908742b6008cc554b9c0 \ + --hash=sha256:48a85f2cb5e6799a9ef05347b476cce6c182d6c71ee36925a6c194d074336ef8 \ + --hash=sha256:7768a0dbf16a39aa5e9a3ded568bb545c8c2727396d063bbaf847df05b08cd96 \ + --hash=sha256:7e122b1c4fb252fd85df3ca93578732b4749d9be076593076ef4d07a0233c3e1 \ + --hash=sha256:88c57dc656038f1ab9f92b3eb5335ee9b021412feaa46330d5eba4e51fe49b04 \ + --hash=sha256:8e537d281831ad0e71007dcdcbe50a71470b978c453fa41ce77186bbe0ed6021 \ + --hash=sha256:98e123f1d5cfd42f886624d84464f7756f60ff6eab89ae845210631714f6db94 \ + --hash=sha256:accf49e151c8ed2c0cdc528691838afd217c50412534e876a19270fea1e28e2d \ + --hash=sha256:b1530ae42e9d6d5b670a34db49a94115a64596bc77710b1d05e9801e62ca0a7c \ + --hash=sha256:b9176b9832e84308818a99a561e90aa479e73c523b3f77afd07913380ae2eab7 \ + --hash=sha256:bdde6f877a18f24844e381d45e9947a49e97933573ac9d4345399be37621e26c \ + --hash=sha256:be8bef99eb46d5021bf053114442914baeb3649a89dc5f3a555c88737e5e98fc \ + --hash=sha256:bf10f7310db693bb62692609b397e8d67257c55f949abde4c67f9cc574492cc7 \ + --hash=sha256:c872b53057f000085da66a19c55d68f6f8ddcac2642392ad3a355878406fbd4d \ + --hash=sha256:d36ed1124bb81b32f8614555b34cc4259c3fbc7eec17870e8ff8ded335b58d8c \ + --hash=sha256:da33a1a5e49c4122ccdfd56cd021ff1ebc4a1ec4e2d01594fef9b6f267a9e741 \ + --hash=sha256:dd1b5a14e417189db4c7b64a6540f31730713d173f0b63e55fabd52d61d8fdce \ + --hash=sha256:e151054aa00bad1f4e1f04919542885f89f5f7d086b8a59e5000e6c616896ffb \ + --hash=sha256:eaea3008c281f1038edb473c1aa8ed8143a5535ff18f978a318f10302b254063 \ + --hash=sha256:ef703f83fc32e131e9bcc0a5094cfe85599e7109f896fe8bc96cc402f3eb4b6e click==8.1.7 \ 
--hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \ --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de From 2e3f779338fb6800793eb267369fb7e57eaab967 Mon Sep 17 00:00:00 2001 From: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> Date: Tue, 28 May 2024 19:08:52 +0530 Subject: [PATCH 28/37] NXDRIVE-2920: Upgrade to TLS 1.2 (#4780) * NXDRIVE: Fix use of insecure SSL/TLS version: security alert-#4 * NXDRIVE-2920: Upgrade to TLS 1.2 * NXDRIVE-2920: Upgrade to TLS 1.2 * NXDRIVE-2920: Upgrade to TLS 1.2 * NXDRIVE-2920: Upgrade to TLS 1.2 --- docs/changes/5.5.0.md | 2 +- nxdrive/utils.py | 7 ++++++- tools/skiplist.py | 1 + 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index f3e6e1cfb7..bf7f7e64e2 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md @@ -6,7 +6,7 @@ Release date: `2024-xx-xx` - [NXDRIVE-2882](https://jira.nuxeo.com/browse/NXDRIVE-2882): fix_db should create dump.sql in same dir as db - [NXDRIVE-2901](https://jira.nuxeo.com/browse/NXDRIVE-2901): Authorization Error for OAuth -- [NXDRIVE-2](https://jira.nuxeo.com/browse/NXDRIVE-2): +- [NXDRIVE-2920](https://jira.nuxeo.com/browse/NXDRIVE-2920): Upgrade to TLS 1.2 ### Direct Edit diff --git a/nxdrive/utils.py b/nxdrive/utils.py index 1b7c5cec92..0917edd682 100644 --- a/nxdrive/utils.py +++ b/nxdrive/utils.py @@ -68,6 +68,8 @@ "notBefore": "N/A", } +MINIMUM_TLS_VERSION = "TLSv1_2" + log = getLogger(__name__) 
@@ -604,7 +606,10 @@ def retrieve_ssl_certificate(hostname: str, /, *, port: int = 443) -> str: import ssl with ssl.create_connection((hostname, port)) as conn: # type: ignore - with ssl.SSLContext().wrap_socket(conn, server_hostname=hostname) as sock: + # Declaring a minimum version to restrict the protocol + context = ssl.create_default_context() + context.minimum_version = getattr(ssl.TLSVersion, MINIMUM_TLS_VERSION) + with context.wrap_socket(conn, server_hostname=hostname) as sock: cert_data: bytes = sock.getpeercert(binary_form=True) # type: ignore return ssl.DER_cert_to_PEM_cert(cert_data) diff --git a/tools/skiplist.py b/tools/skiplist.py index 57a411e5fd..a828329689 100644 --- a/tools/skiplist.py +++ b/tools/skiplist.py @@ -22,6 +22,7 @@ CliHandler.unbind_server # Used by the arguments parser CustomWindow.keyPressEvent # Called by base class _.close_settings_too # Used by Appiclation.show_filters() +context.minimum_version # Used to set TLS minimum version DirectTransferModel.destination_link # Used in QML DocPair.last_sync_error_date # Check NXDRIVE-1804 Download.transfer_type # Used in QML From d91efd990ce2a7377f533e6d093bc4d91ecc5793 Mon Sep 17 00:00:00 2001 From: Sweta Yadav Date: Wed, 29 May 2024 11:44:44 +0530 Subject: [PATCH 29/37] Fixed style issues --- nxdrive/__main__.py | 1 + nxdrive/behavior.py | 1 + nxdrive/client/local/__init__.py | 1 + nxdrive/client/uploader/__init__.py | 1 + nxdrive/client/uploader/direct_transfer.py | 1 + nxdrive/client/uploader/sync.py | 1 + nxdrive/dao/base.py | 1 + nxdrive/dao/engine.py | 1 + nxdrive/dao/manager.py | 1 + nxdrive/fatal_error.py | 1 + nxdrive/feature.py | 1 + nxdrive/gui/application.py | 1 + nxdrive/osi/darwin/pyNotificationCenter.py | 1 + nxdrive/qt/constants.py | 1 + nxdrive/qt/imports.py | 1 + nxdrive/state.py | 1 + nxdrive/utils.py | 1 + 17 files changed, 17 insertions(+) diff --git a/nxdrive/__main__.py b/nxdrive/__main__.py index 0609ba2198..2c26909aa5 100644 --- a/nxdrive/__main__.py 
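Review bot: Replacing `ssl.SSLContext()` with `ssl.create_default_context()` in `retrieve_ssl_certificate` does more than set a protocol floor, because the default context requires a trusted chain and checks the hostname. The handshake in `context.wrap_socket(conn, server_hostname=hostname)` will therefore raise `ssl.SSLCertVerificationError` for a self-signed, expired or mismatched certificate instead of returning it. The function starts outside this hunk and its callers are not visible, but if any of them use it to show an untrusted server's certificate to the user, that path stops working. The intent should be recorded next to the call, for example `# Verification is enabled: raises ssl.SSLCertVerificationError for untrusted certificates`, and the callers checked for handling of that exception. Separately, the string constant with `getattr(ssl.TLSVersion, MINIMUM_TLS_VERSION)` defers a misspelt name to runtime; `context.minimum_version = ssl.TLSVersion.TLSv1_2` states the same floor and is checked statically.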
+++ b/nxdrive/__main__.py @@ -2,6 +2,7 @@ In this file we cannot use a relative import here, else Drive will not start when packaged. See https://github.com/pyinstaller/pyinstaller/issues/2560 """ + import locale import platform import signal diff --git a/nxdrive/behavior.py b/nxdrive/behavior.py index 487941eba4..1c6f0a84df 100644 --- a/nxdrive/behavior.py +++ b/nxdrive/behavior.py @@ -11,6 +11,7 @@ Allow or disallow server deletions. """ + from types import SimpleNamespace Behavior = SimpleNamespace(server_deletion=True) diff --git a/nxdrive/client/local/__init__.py b/nxdrive/client/local/__init__.py index 912d966266..86a4014bd9 100644 --- a/nxdrive/client/local/__init__.py +++ b/nxdrive/client/local/__init__.py @@ -1,4 +1,5 @@ """ API to access local resources for synchronization. """ + from .base import FileInfo, get # Get the local client related to the current OS diff --git a/nxdrive/client/uploader/__init__.py b/nxdrive/client/uploader/__init__.py index 601d90db8c..533ff59674 100644 --- a/nxdrive/client/uploader/__init__.py +++ b/nxdrive/client/uploader/__init__.py @@ -1,6 +1,7 @@ """ Uploader used by the Remote client for all upload stuff. """ + import json from abc import abstractmethod from logging import getLogger diff --git a/nxdrive/client/uploader/direct_transfer.py b/nxdrive/client/uploader/direct_transfer.py index 95143edfe5..8a17f9722a 100644 --- a/nxdrive/client/uploader/direct_transfer.py +++ b/nxdrive/client/uploader/direct_transfer.py @@ -1,6 +1,7 @@ """ Uploader used by the Direct Transfer feature. """ + import json from logging import getLogger from pathlib import Path diff --git a/nxdrive/client/uploader/sync.py b/nxdrive/client/uploader/sync.py index 0d1804f6c1..8a06b1b48e 100644 --- a/nxdrive/client/uploader/sync.py +++ b/nxdrive/client/uploader/sync.py @@ -1,6 +1,7 @@ """ Uploader used by the synchronization engine. """ + from pathlib import Path from typing import Any, Dict, Optional 
diff --git a/nxdrive/dao/base.py b/nxdrive/dao/base.py index 24bce57600..ab3462ddb4 100644 --- a/nxdrive/dao/base.py +++ b/nxdrive/dao/base.py @@ -1,6 +1,7 @@ """ Query formatting in this file is based on http://www.sqlstyle.guide/ """ + import sys from contextlib import suppress from logging import getLogger diff --git a/nxdrive/dao/engine.py b/nxdrive/dao/engine.py index 9f52a18d90..97b0ee2781 100644 --- a/nxdrive/dao/engine.py +++ b/nxdrive/dao/engine.py @@ -1,6 +1,7 @@ """ Query formatting in this file is based on http://www.sqlstyle.guide/ """ + import json import os import shutil diff --git a/nxdrive/dao/manager.py b/nxdrive/dao/manager.py index 0095b71da2..0425ff50e5 100644 --- a/nxdrive/dao/manager.py +++ b/nxdrive/dao/manager.py @@ -1,6 +1,7 @@ """ Query formatting in this file is based on http://www.sqlstyle.guide/ """ + from logging import getLogger from pathlib import Path from sqlite3 import Cursor, IntegrityError, Row diff --git a/nxdrive/fatal_error.py b/nxdrive/fatal_error.py index b5771dded2..9c0d7f100b 100644 --- a/nxdrive/fatal_error.py +++ b/nxdrive/fatal_error.py @@ -1,6 +1,7 @@ """ Fatal error screen management using either Qt or OS-specific dialogs. """ + import sys from contextlib import suppress from pathlib import Path diff --git a/nxdrive/feature.py b/nxdrive/feature.py index 2d64aeca14..174ea1b6fe 100644 --- a/nxdrive/feature.py +++ b/nxdrive/feature.py @@ -22,6 +22,7 @@ Enable or disable the synchronization features. """ + from types import SimpleNamespace from typing import List diff --git a/nxdrive/gui/application.py b/nxdrive/gui/application.py index 609768aed5..e23b2e7bcc 100644 --- a/nxdrive/gui/application.py +++ b/nxdrive/gui/application.py @@ -1,4 +1,5 @@ """ Main Qt application handling OS events and system tray UI. """ + import os import webbrowser from contextlib import suppress diff --git a/nxdrive/osi/darwin/pyNotificationCenter.py b/nxdrive/osi/darwin/pyNotificationCenter.py index 171632ed9b..8b0043acd3 100644 
--- a/nxdrive/osi/darwin/pyNotificationCenter.py +++ b/nxdrive/osi/darwin/pyNotificationCenter.py @@ -1,4 +1,5 @@ """ Python integration macOS notification center. """ + from typing import TYPE_CHECKING, Dict from CoreServices import ( diff --git a/nxdrive/qt/constants.py b/nxdrive/qt/constants.py index 3aac258c2e..d81e5f42be 100644 --- a/nxdrive/qt/constants.py +++ b/nxdrive/qt/constants.py @@ -1,6 +1,7 @@ """ Put here all PyQt constants used across the project. """ + from .imports import ( QAbstractSocket, QDialogButtonBox, diff --git a/nxdrive/qt/imports.py b/nxdrive/qt/imports.py index 9187f27799..86af2e3cb8 100644 --- a/nxdrive/qt/imports.py +++ b/nxdrive/qt/imports.py @@ -1,6 +1,7 @@ """ Put here all PyQt imports used across the project. """ + from PyQt5.QtCore import ( QT_VERSION_STR, QAbstractListModel, diff --git a/nxdrive/state.py b/nxdrive/state.py index 8ea37ed349..d15ac06444 100644 --- a/nxdrive/state.py +++ b/nxdrive/state.py @@ -11,6 +11,7 @@ This state is set at the start of the application to know if it has crashed at the previous run. """ + from types import SimpleNamespace State = SimpleNamespace(about_to_quit=False, crash_details="", has_crashed=False) diff --git a/nxdrive/utils.py b/nxdrive/utils.py index 1b7c5cec92..34e762ead7 100644 --- a/nxdrive/utils.py +++ b/nxdrive/utils.py @@ -5,6 +5,7 @@ Most of functions are pure enough to be decorated with a LRU cache. Each *maxsize* is adjusted depending of the heavy use of the decorated function. """ + import os import os.path import re From 8a08a7772b95e16525d2bc4d5c77e90f9edc1cf6 Mon Sep 17 00:00:00 2001 From: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> Date: Wed, 29 May 2024 16:45:40 +0530 Subject: [PATCH 30/37] Fixed style error --- nxdrive/engine/engine.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/nxdrive/engine/engine.py b/nxdrive/engine/engine.py index 6e3a5e22f8..d0d1cff597 100644 --- a/nxdrive/engine/engine.py +++ b/nxdrive/engine/engine.py 
@@ -819,9 +819,7 @@ def resume_transfer( meth = ( self.dao.get_download if nature == "download" - else self.dao.get_dt_upload - if is_direct_transfer - else self.dao.get_upload + else self.dao.get_dt_upload if is_direct_transfer else self.dao.get_upload ) func = partial(meth, uid=uid) # type: ignore self._resume_transfers(nature, func, is_direct_transfer=is_direct_transfer) From ce33ba1bec0a6a4fb95e61618c0d3915ee7c6c9d Mon Sep 17 00:00:00 2001 From: Sweta Yadav Date: Thu, 30 May 2024 12:24:15 +0530 Subject: [PATCH 31/37] Fixed style issues --- tests/benchmarks/test_safe_filename.py | 1 + tests/cleanup.py | 1 + tests/markers.py | 1 + tests/old_functional/common.py | 1 + tests/old_functional/test_behavior.py | 1 + tests/old_functional/test_direct_transfer.py | 3 ++- tests/old_functional/test_local_changes_when_offline.py | 1 + tests/old_functional/test_local_client.py | 1 + tests/old_functional/test_synchronization_dedup.py | 1 + tests/old_functional/test_transfer.py | 1 + tests/unit/test_autolock.py | 1 + tests/unit/test_pytest_random.py | 1 + 12 files changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/benchmarks/test_safe_filename.py b/tests/benchmarks/test_safe_filename.py index f0c10d9cf5..6ad8662573 100644 --- a/tests/benchmarks/test_safe_filename.py +++ b/tests/benchmarks/test_safe_filename.py @@ -3,6 +3,7 @@ If is not the most efficient for small ASCII-only filenames, but it is the best when there are non-ASCII characters. """ + import pytest FILENAMES = [ diff --git a/tests/cleanup.py b/tests/cleanup.py index 1e3cf95cad..087832f0b1 100644 --- a/tests/cleanup.py +++ b/tests/cleanup.py @@ -1,4 +1,5 @@ """Cleanup old test users and workspaces.""" + import env from nuxeo.client import Nuxeo diff --git a/tests/markers.py b/tests/markers.py index d618ed386a..efa7ad8047 100644 --- a/tests/markers.py +++ b/tests/markers.py @@ -1,4 +1,5 @@ """Collection of pytest markers to ease test filtering.""" + import os import pytest 
diff --git a/tests/old_functional/common.py b/tests/old_functional/common.py index 2d6be8b238..16b2053a06 100644 --- a/tests/old_functional/common.py +++ b/tests/old_functional/common.py @@ -1,4 +1,5 @@ """ Common test utilities. """ + import os import sys import tempfile diff --git a/tests/old_functional/test_behavior.py b/tests/old_functional/test_behavior.py index 9592ffb135..8c7ab640f9 100644 --- a/tests/old_functional/test_behavior.py +++ b/tests/old_functional/test_behavior.py @@ -1,6 +1,7 @@ """ Test application Behavior. """ + from nxdrive.behavior import Behavior from .. import ensure_no_exception diff --git a/tests/old_functional/test_direct_transfer.py b/tests/old_functional/test_direct_transfer.py index 63309ab93a..55bb49dd20 100644 --- a/tests/old_functional/test_direct_transfer.py +++ b/tests/old_functional/test_direct_transfer.py @@ -1,6 +1,7 @@ """ Test the Direct Transfer feature in different scenarii. """ + import logging import re from pathlib import Path @@ -725,7 +726,7 @@ def checks(self, created): assert not self.engine_1.dao.get_errors(limit=0) def direct_transfer(self, folder, duplicate_behavior: str = "create") -> None: - paths = {path: size for path, size in get_tree_list(folder)} + paths = dict(get_tree_list(folder)) self.engine_1.direct_transfer( paths, self.ws.path, diff --git a/tests/old_functional/test_local_changes_when_offline.py b/tests/old_functional/test_local_changes_when_offline.py index 1b3923834f..e26c7938b7 100644 --- a/tests/old_functional/test_local_changes_when_offline.py +++ b/tests/old_functional/test_local_changes_when_offline.py @@ -2,6 +2,7 @@ Test if changes made to local file system when Drive is offline sync's back later when Drive becomes online. """ + import pytest from nxdrive.constants import WINDOWS diff --git a/tests/old_functional/test_local_client.py b/tests/old_functional/test_local_client.py index 175c4103df..98f474a906 100644 --- a/tests/old_functional/test_local_client.py 
+++ b/tests/old_functional/test_local_client.py @@ -4,6 +4,7 @@ See NXDRIVE-742. """ + import hashlib import os from pathlib import Path diff --git a/tests/old_functional/test_synchronization_dedup.py b/tests/old_functional/test_synchronization_dedup.py index d4c2979e8b..6cdff02a54 100644 --- a/tests/old_functional/test_synchronization_dedup.py +++ b/tests/old_functional/test_synchronization_dedup.py @@ -1,6 +1,7 @@ """ Test behaviors when the server allows duplicates and not the client. """ + from pathlib import Path import pytest diff --git a/tests/old_functional/test_transfer.py b/tests/old_functional/test_transfer.py index 6ac830a9b7..72e85b20eb 100644 --- a/tests/old_functional/test_transfer.py +++ b/tests/old_functional/test_transfer.py @@ -1,6 +1,7 @@ """ Test pause/resume transfers in different scenarii. """ + import re from unittest.mock import patch diff --git a/tests/unit/test_autolock.py b/tests/unit/test_autolock.py index 3e9d240403..b2a8975876 100644 --- a/tests/unit/test_autolock.py +++ b/tests/unit/test_autolock.py @@ -1,6 +1,7 @@ """ Test the Auto-Lock feature used heavily by Direct Edit. """ + from pathlib import Path from typing import List, Tuple from unittest.mock import Mock, patch diff --git a/tests/unit/test_pytest_random.py b/tests/unit/test_pytest_random.py index 6112825756..1ee6010938 100644 --- a/tests/unit/test_pytest_random.py +++ b/tests/unit/test_pytest_random.py @@ -2,6 +2,7 @@ Tests for pytests_random: a pytest plugin to mitigate random failures. Adapted from github.com/pytest-dev/pytest-rerunfailures """ + import pytest pytest_plugins = "pytester" From 8724f64eb45beacf2c8b36fec629655a9013a0a8 Mon Sep 17 00:00:00 2001 From: Sweta Yadav <106366788+swetayadav1@users.noreply.github.com> Date: Thu, 30 May 2024 12:48:04 +0530 Subject: [PATCH 32/37] Fixed style error: Update test_cli.py --- tests/integration/windows/test_cli.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/tests/integration/windows/test_cli.py b/tests/integration/windows/test_cli.py index 5ebecfa80c..a9619fd0a7 100644 --- a/tests/integration/windows/test_cli.py +++ b/tests/integration/windows/test_cli.py @@ -108,7 +108,9 @@ def test_argument_log_filename(exe, tmp, file): assert log.is_file() -@pytest.mark.parametrize("folder", ["azerty", "$alice", "léa", "mi Kaël", "こん ツリ ^^"]) +@pytest.mark.parametrize( + "folder", ["azerty", "$alice", "léa", "mi Kaël", "こん ツリ ^^"] +) def test_argument_nxdrive_home(exe, tmp, folder): path = tmp() path.mkdir(parents=True, exist_ok=True) From ca456622efd9dc5f5bee1607df4a3406ba3adafd Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Thu, 20 Jun 2024 14:19:23 +0530 Subject: [PATCH 33/37] Fixed code style issue --- tools/cleanup_application_tree.py | 1 + tools/jenkins/junit/merge.py | 1 + tools/scripts/csv_to_log.py | 1 + 3 files changed, 3 insertions(+) diff --git a/tools/cleanup_application_tree.py b/tools/cleanup_application_tree.py index 66e2fd0c08..8945094b19 100644 --- a/tools/cleanup_application_tree.py +++ b/tools/cleanup_application_tree.py @@ -2,6 +2,7 @@ Remove files from the package that are not needed and too big. This script can be launched after PyInstaller and before installers creation. """ + import os import shutil import sys diff --git a/tools/jenkins/junit/merge.py b/tools/jenkins/junit/merge.py index 6680a43ee5..066d21e022 100644 --- a/tools/jenkins/junit/merge.py +++ b/tools/jenkins/junit/merge.py @@ -19,6 +19,7 @@ Léa Klein Mickaël Schoentgen """ + import os import sys from pathlib import Path diff --git a/tools/scripts/csv_to_log.py b/tools/scripts/csv_to_log.py index 9ed52b29f6..c358a4aa83 100644 --- a/tools/scripts/csv_to_log.py +++ b/tools/scripts/csv_to_log.py @@ -2,6 +2,7 @@ Convert a CSV "log" file to a real log file. Such files are ones attached to NCO tickets. """ + import csv import sys from pathlib import Path From 0483482d1ded54c36655ce474453ff8b6cfbc59c Mon Sep 17 00:00:00 2001 
From: "GitHub-CI action (Release)" Date: Wed, 3 Jul 2024 12:24:25 +0530 Subject: [PATCH 34/37] revert changes to behaviour.py --- nxdrive/behavior.py | 1 - 1 file changed, 1 deletion(-) diff --git a/nxdrive/behavior.py b/nxdrive/behavior.py index 1c6f0a84df..487941eba4 100644 --- a/nxdrive/behavior.py +++ b/nxdrive/behavior.py @@ -11,7 +11,6 @@ Allow or disallow server deletions. """ - from types import SimpleNamespace Behavior = SimpleNamespace(server_deletion=True) From b30c305ba36bd35fedd9f5217a5c12e18f456583 Mon Sep 17 00:00:00 2001 From: Sweta Yadav Date: Wed, 3 Jul 2024 14:48:40 +0530 Subject: [PATCH 35/37] Removed black dependency --- docs/changes/5.5.0.md | 2 - nxdrive/__main__.py | 1 - nxdrive/client/local/__init__.py | 1 - nxdrive/client/uploader/__init__.py | 1 - nxdrive/client/uploader/direct_transfer.py | 1 - nxdrive/client/uploader/sync.py | 1 - nxdrive/dao/base.py | 1 - nxdrive/dao/engine.py | 1 - nxdrive/dao/manager.py | 1 - nxdrive/engine/engine.py | 4 +- nxdrive/fatal_error.py | 1 - nxdrive/feature.py | 1 - nxdrive/gui/application.py | 1 - nxdrive/osi/darwin/pyNotificationCenter.py | 1 - nxdrive/qt/constants.py | 1 - nxdrive/qt/imports.py | 1 - nxdrive/state.py | 1 - nxdrive/utils.py | 1 - tests/benchmarks/test_safe_filename.py | 1 - tests/cleanup.py | 1 - tests/markers.py | 1 - tests/old_functional/common.py | 1 - tests/old_functional/test_behavior.py | 1 - tests/old_functional/test_direct_transfer.py | 1 - .../test_local_changes_when_offline.py | 1 - tests/old_functional/test_local_client.py | 1 - .../test_synchronization_dedup.py | 1 - tests/old_functional/test_transfer.py | 1 - tests/unit/test_autolock.py | 1 - tests/unit/test_pytest_random.py | 1 - tools/cleanup_application_tree.py | 1 - tools/deps/requirements-tests.txt | 46 +++++++++---------- tools/jenkins/junit/merge.py | 1 - tools/scripts/csv_to_log.py | 1 - 34 files changed, 26 insertions(+), 57 deletions(-) 
diff --git a/docs/changes/5.5.0.md b/docs/changes/5.5.0.md index 67708b361e..faf35b0f80 100644 --- a/docs/changes/5.5.0.md +++ b/docs/changes/5.5.0.md @@ -20,7 +20,6 @@ Release date: `2024-xx-xx` ## Packaging / Build -- [NXDRIVE-2927](https://jira.nuxeo.com/browse/NXDRIVE-2927): Fix Security issue Black vulnerable to Regular Expression Denial of Service (ReDoS) - [NXDRIVE-2928](https://jira.nuxeo.com/browse/NXDRIVE-2928): Fix security issue IDNA vulnerable to denial of service from specially crafted inputs to idna.encode - [NXDRIVE-2936] (https://jira.nuxeo.com/browse/NXDRIVE-2936): Fix security issue Requests Session object does not verify requests after making first request with verify=False @@ -38,7 +37,6 @@ Release date: `2024-xx-xx` - Added `pyproject-api` 1.6.1 - Removed `py` 1.10.0 - Removed `pytest-forked` 1.6.0 -- Upgraded `black` from 23.12.1 to 24.4.2 - Upgraded `build` from 1.1.1 to 1.2.1 - Upgraded `chardet` from 4.0.0 to 5.2.0 - Upgraded `exceptiongroup` from 1.2.0 to 1.2.1 diff --git a/nxdrive/__main__.py b/nxdrive/__main__.py index 2c26909aa5..0609ba2198 100644 --- a/nxdrive/__main__.py +++ b/nxdrive/__main__.py @@ -2,7 +2,6 @@ In this file we cannot use a relative import here, else Drive will not start when packaged. See https://github.com/pyinstaller/pyinstaller/issues/2560 """ - import locale import platform import signal diff --git a/nxdrive/client/local/__init__.py b/nxdrive/client/local/__init__.py index 86a4014bd9..912d966266 100644 --- a/nxdrive/client/local/__init__.py +++ b/nxdrive/client/local/__init__.py @@ -1,5 +1,4 @@ """ API to access local resources for synchronization. """ - from .base import FileInfo, get # Get the local client related to the current OS diff --git a/nxdrive/client/uploader/__init__.py b/nxdrive/client/uploader/__init__.py index 533ff59674..601d90db8c 100644 --- a/nxdrive/client/uploader/__init__.py +++ b/nxdrive/client/uploader/__init__.py 
@@ -1,7 +1,6 @@ """ Uploader used by the Remote client for all upload stuff. """ - import json from abc import abstractmethod from logging import getLogger diff --git a/nxdrive/client/uploader/direct_transfer.py b/nxdrive/client/uploader/direct_transfer.py index 8a17f9722a..95143edfe5 100644 --- a/nxdrive/client/uploader/direct_transfer.py +++ b/nxdrive/client/uploader/direct_transfer.py @@ -1,7 +1,6 @@ """ Uploader used by the Direct Transfer feature. """ - import json from logging import getLogger from pathlib import Path diff --git a/nxdrive/client/uploader/sync.py b/nxdrive/client/uploader/sync.py index 8a06b1b48e..0d1804f6c1 100644 --- a/nxdrive/client/uploader/sync.py +++ b/nxdrive/client/uploader/sync.py @@ -1,7 +1,6 @@ """ Uploader used by the synchronization engine. """ - from pathlib import Path from typing import Any, Dict, Optional diff --git a/nxdrive/dao/base.py b/nxdrive/dao/base.py index ab3462ddb4..24bce57600 100644 --- a/nxdrive/dao/base.py +++ b/nxdrive/dao/base.py @@ -1,7 +1,6 @@ """ Query formatting in this file is based on http://www.sqlstyle.guide/ """ - import sys from contextlib import suppress from logging import getLogger diff --git a/nxdrive/dao/engine.py b/nxdrive/dao/engine.py index 97b0ee2781..9f52a18d90 100644 --- a/nxdrive/dao/engine.py +++ b/nxdrive/dao/engine.py @@ -1,7 +1,6 @@ """ Query formatting in this file is based on http://www.sqlstyle.guide/ """ - import json import os import shutil diff --git a/nxdrive/dao/manager.py b/nxdrive/dao/manager.py index 0425ff50e5..0095b71da2 100644 --- a/nxdrive/dao/manager.py +++ b/nxdrive/dao/manager.py @@ -1,7 +1,6 @@ """ Query formatting in this file is based on http://www.sqlstyle.guide/ """ - from logging import getLogger from pathlib import Path from sqlite3 import Cursor, IntegrityError, Row diff --git a/nxdrive/engine/engine.py b/nxdrive/engine/engine.py index d0d1cff597..6e3a5e22f8 100644 --- a/nxdrive/engine/engine.py +++ b/nxdrive/engine/engine.py 
@@ -819,7 +819,9 @@ def resume_transfer( meth = ( self.dao.get_download if nature == "download" - else self.dao.get_dt_upload if is_direct_transfer else self.dao.get_upload + else self.dao.get_dt_upload + if is_direct_transfer + else self.dao.get_upload ) func = partial(meth, uid=uid) # type: ignore self._resume_transfers(nature, func, is_direct_transfer=is_direct_transfer) diff --git a/nxdrive/fatal_error.py b/nxdrive/fatal_error.py index 9c0d7f100b..b5771dded2 100644 --- a/nxdrive/fatal_error.py +++ b/nxdrive/fatal_error.py @@ -1,7 +1,6 @@ """ Fatal error screen management using either Qt or OS-specific dialogs. """ - import sys from contextlib import suppress from pathlib import Path diff --git a/nxdrive/feature.py b/nxdrive/feature.py index 174ea1b6fe..2d64aeca14 100644 --- a/nxdrive/feature.py +++ b/nxdrive/feature.py @@ -22,7 +22,6 @@ Enable or disable the synchronization features. """ - from types import SimpleNamespace from typing import List diff --git a/nxdrive/gui/application.py b/nxdrive/gui/application.py index e23b2e7bcc..609768aed5 100644 --- a/nxdrive/gui/application.py +++ b/nxdrive/gui/application.py @@ -1,5 +1,4 @@ """ Main Qt application handling OS events and system tray UI. """ - import os import webbrowser from contextlib import suppress diff --git a/nxdrive/osi/darwin/pyNotificationCenter.py b/nxdrive/osi/darwin/pyNotificationCenter.py index 8b0043acd3..171632ed9b 100644 --- a/nxdrive/osi/darwin/pyNotificationCenter.py +++ b/nxdrive/osi/darwin/pyNotificationCenter.py @@ -1,5 +1,4 @@ """ Python integration macOS notification center. """ - from typing import TYPE_CHECKING, Dict from CoreServices import ( diff --git a/nxdrive/qt/constants.py b/nxdrive/qt/constants.py index d81e5f42be..3aac258c2e 100644 --- a/nxdrive/qt/constants.py +++ b/nxdrive/qt/constants.py @@ -1,7 +1,6 @@ """ Put here all PyQt constants used across the project. """ - from .imports import ( QAbstractSocket, QDialogButtonBox, 
diff --git a/nxdrive/qt/imports.py b/nxdrive/qt/imports.py index 86af2e3cb8..9187f27799 100644 --- a/nxdrive/qt/imports.py +++ b/nxdrive/qt/imports.py @@ -1,7 +1,6 @@ """ Put here all PyQt imports used across the project. """ - from PyQt5.QtCore import ( QT_VERSION_STR, QAbstractListModel, diff --git a/nxdrive/state.py b/nxdrive/state.py index d15ac06444..8ea37ed349 100644 --- a/nxdrive/state.py +++ b/nxdrive/state.py @@ -11,7 +11,6 @@ This state is set at the start of the application to know if it has crashed at the previous run. """ - from types import SimpleNamespace State = SimpleNamespace(about_to_quit=False, crash_details="", has_crashed=False) diff --git a/nxdrive/utils.py b/nxdrive/utils.py index 5edf1cbc35..0917edd682 100644 --- a/nxdrive/utils.py +++ b/nxdrive/utils.py @@ -5,7 +5,6 @@ Most of functions are pure enough to be decorated with a LRU cache. Each *maxsize* is adjusted depending of the heavy use of the decorated function. """ - import os import os.path import re diff --git a/tests/benchmarks/test_safe_filename.py b/tests/benchmarks/test_safe_filename.py index 6ad8662573..f0c10d9cf5 100644 --- a/tests/benchmarks/test_safe_filename.py +++ b/tests/benchmarks/test_safe_filename.py @@ -3,7 +3,6 @@ If is not the most efficient for small ASCII-only filenames, but it is the best when there are non-ASCII characters. """ - import pytest FILENAMES = [ diff --git a/tests/cleanup.py b/tests/cleanup.py index 087832f0b1..1e3cf95cad 100644 --- a/tests/cleanup.py +++ b/tests/cleanup.py @@ -1,5 +1,4 @@ """Cleanup old test users and workspaces.""" - import env from nuxeo.client import Nuxeo diff --git a/tests/markers.py b/tests/markers.py index efa7ad8047..d618ed386a 100644 --- a/tests/markers.py +++ b/tests/markers.py @@ -1,5 +1,4 @@ """Collection of pytest markers to ease test filtering.""" - import os import pytest diff --git a/tests/old_functional/common.py b/tests/old_functional/common.py index 16b2053a06..2d6be8b238 100644 --- a/tests/old_functional/common.py 
+++ b/tests/old_functional/common.py @@ -1,5 +1,4 @@ """ Common test utilities. """ - import os import sys import tempfile diff --git a/tests/old_functional/test_behavior.py b/tests/old_functional/test_behavior.py index 8c7ab640f9..9592ffb135 100644 --- a/tests/old_functional/test_behavior.py +++ b/tests/old_functional/test_behavior.py @@ -1,7 +1,6 @@ """ Test application Behavior. """ - from nxdrive.behavior import Behavior from .. import ensure_no_exception diff --git a/tests/old_functional/test_direct_transfer.py b/tests/old_functional/test_direct_transfer.py index 55bb49dd20..3956342358 100644 --- a/tests/old_functional/test_direct_transfer.py +++ b/tests/old_functional/test_direct_transfer.py @@ -1,7 +1,6 @@ """ Test the Direct Transfer feature in different scenarii. """ - import logging import re from pathlib import Path diff --git a/tests/old_functional/test_local_changes_when_offline.py b/tests/old_functional/test_local_changes_when_offline.py index e26c7938b7..1b3923834f 100644 --- a/tests/old_functional/test_local_changes_when_offline.py +++ b/tests/old_functional/test_local_changes_when_offline.py @@ -2,7 +2,6 @@ Test if changes made to local file system when Drive is offline sync's back later when Drive becomes online. """ - import pytest from nxdrive.constants import WINDOWS diff --git a/tests/old_functional/test_local_client.py b/tests/old_functional/test_local_client.py index 98f474a906..175c4103df 100644 --- a/tests/old_functional/test_local_client.py +++ b/tests/old_functional/test_local_client.py @@ -4,7 +4,6 @@ See NXDRIVE-742. """ - import hashlib import os from pathlib import Path diff --git a/tests/old_functional/test_synchronization_dedup.py b/tests/old_functional/test_synchronization_dedup.py index 6cdff02a54..d4c2979e8b 100644 --- a/tests/old_functional/test_synchronization_dedup.py +++ b/tests/old_functional/test_synchronization_dedup.py 
@@ -1,7 +1,6 @@ """ Test behaviors when the server allows duplicates and not the client. """ - from pathlib import Path import pytest diff --git a/tests/old_functional/test_transfer.py b/tests/old_functional/test_transfer.py index 72e85b20eb..6ac830a9b7 100644 --- a/tests/old_functional/test_transfer.py +++ b/tests/old_functional/test_transfer.py @@ -1,7 +1,6 @@ """ Test pause/resume transfers in different scenarii. """ - import re from unittest.mock import patch diff --git a/tests/unit/test_autolock.py b/tests/unit/test_autolock.py index b2a8975876..3e9d240403 100644 --- a/tests/unit/test_autolock.py +++ b/tests/unit/test_autolock.py @@ -1,7 +1,6 @@ """ Test the Auto-Lock feature used heavily by Direct Edit. """ - from pathlib import Path from typing import List, Tuple from unittest.mock import Mock, patch diff --git a/tests/unit/test_pytest_random.py b/tests/unit/test_pytest_random.py index 1ee6010938..6112825756 100644 --- a/tests/unit/test_pytest_random.py +++ b/tests/unit/test_pytest_random.py @@ -2,7 +2,6 @@ Tests for pytests_random: a pytest plugin to mitigate random failures. Adapted from github.com/pytest-dev/pytest-rerunfailures """ - import pytest pytest_plugins = "pytester" diff --git a/tools/cleanup_application_tree.py b/tools/cleanup_application_tree.py index 8945094b19..66e2fd0c08 100644 --- a/tools/cleanup_application_tree.py +++ b/tools/cleanup_application_tree.py @@ -2,7 +2,6 @@ Remove files from the package that are not needed and too big. This script can be launched after PyInstaller and before installers creation. """ - import os import shutil import sys diff --git a/tools/deps/requirements-tests.txt b/tools/deps/requirements-tests.txt index 76143dd64f..f7e9accc8f 100644 --- a/tools/deps/requirements-tests.txt +++ b/tools/deps/requirements-tests.txt 
@@ -15,29 +15,29 @@ attrs==23.2.0 \
 --hash=sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30 \
 --hash=sha256:99b87a485a5820b23b879f04c2305b44b951b502fd64be915879d77a7e8fc6f1
 # via pytest
-black==24.4.2 \
- --hash=sha256:257d724c2c9b1660f353b36c802ccece186a30accc7742c176d29c146df6e474 \
- --hash=sha256:37aae07b029fa0174d39daf02748b379399b909652a806e5708199bd93899da1 \
- --hash=sha256:415e686e87dbbe6f4cd5ef0fbf764af7b89f9057b97c908742b6008cc554b9c0 \
- --hash=sha256:48a85f2cb5e6799a9ef05347b476cce6c182d6c71ee36925a6c194d074336ef8 \
- --hash=sha256:7768a0dbf16a39aa5e9a3ded568bb545c8c2727396d063bbaf847df05b08cd96 \
- --hash=sha256:7e122b1c4fb252fd85df3ca93578732b4749d9be076593076ef4d07a0233c3e1 \
- --hash=sha256:88c57dc656038f1ab9f92b3eb5335ee9b021412feaa46330d5eba4e51fe49b04 \
- --hash=sha256:8e537d281831ad0e71007dcdcbe50a71470b978c453fa41ce77186bbe0ed6021 \
- --hash=sha256:98e123f1d5cfd42f886624d84464f7756f60ff6eab89ae845210631714f6db94 \
- --hash=sha256:accf49e151c8ed2c0cdc528691838afd217c50412534e876a19270fea1e28e2d \
- --hash=sha256:b1530ae42e9d6d5b670a34db49a94115a64596bc77710b1d05e9801e62ca0a7c \
- --hash=sha256:b9176b9832e84308818a99a561e90aa479e73c523b3f77afd07913380ae2eab7 \
- --hash=sha256:bdde6f877a18f24844e381d45e9947a49e97933573ac9d4345399be37621e26c \
- --hash=sha256:be8bef99eb46d5021bf053114442914baeb3649a89dc5f3a555c88737e5e98fc \
- --hash=sha256:bf10f7310db693bb62692609b397e8d67257c55f949abde4c67f9cc574492cc7 \
- --hash=sha256:c872b53057f000085da66a19c55d68f6f8ddcac2642392ad3a355878406fbd4d \
- --hash=sha256:d36ed1124bb81b32f8614555b34cc4259c3fbc7eec17870e8ff8ded335b58d8c \
- --hash=sha256:da33a1a5e49c4122ccdfd56cd021ff1ebc4a1ec4e2d01594fef9b6f267a9e741 \
- --hash=sha256:dd1b5a14e417189db4c7b64a6540f31730713d173f0b63e55fabd52d61d8fdce \
- --hash=sha256:e151054aa00bad1f4e1f04919542885f89f5f7d086b8a59e5000e6c616896ffb \
- --hash=sha256:eaea3008c281f1038edb473c1aa8ed8143a5535ff18f978a318f10302b254063 \
- --hash=sha256:ef703f83fc32e131e9bcc0a5094cfe85599e7109f896fe8bc96cc402f3eb4b6e
+black==23.12.1 \
+ --hash=sha256:0808494f2b2df923ffc5723ed3c7b096bd76341f6213989759287611e9837d50 \
+ --hash=sha256:1fa88a0f74e50e4487477bc0bb900c6781dbddfdfa32691e780bf854c3b4a47f \
+ --hash=sha256:25e57fd232a6d6ff3f4478a6fd0580838e47c93c83eaf1ccc92d4faf27112c4e \
+ --hash=sha256:2d9e13db441c509a3763a7a3d9a49ccc1b4e974a47be4e08ade2a228876500ec \
+ --hash=sha256:3e1b38b3135fd4c025c28c55ddfc236b05af657828a8a6abe5deec419a0b7055 \
+ --hash=sha256:3fa4be75ef2a6b96ea8d92b1587dd8cb3a35c7e3d51f0738ced0781c3aa3a5a3 \
+ --hash=sha256:4ce3ef14ebe8d9509188014d96af1c456a910d5b5cbf434a09fef7e024b3d0d5 \
+ --hash=sha256:4f0031eaa7b921db76decd73636ef3a12c942ed367d8c3841a0739412b260a54 \
+ --hash=sha256:602cfb1196dc692424c70b6507593a2b29aac0547c1be9a1d1365f0d964c353b \
+ --hash=sha256:6d1bd9c210f8b109b1762ec9fd36592fdd528485aadb3f5849b2740ef17e674e \
+ --hash=sha256:78baad24af0f033958cad29731e27363183e140962595def56423e626f4bee3e \
+ --hash=sha256:8d4df77958a622f9b5a4c96edb4b8c0034f8434032ab11077ec6c56ae9f384ba \
+ --hash=sha256:97e56155c6b737854e60a9ab1c598ff2533d57e7506d97af5481141671abf3ea \
+ --hash=sha256:9c4352800f14be5b4864016882cdba10755bd50805c95f728011bcb47a4afd59 \
+ --hash=sha256:a4d6a9668e45ad99d2f8ec70d5c8c04ef4f32f648ef39048d010b0689832ec6d \
+ --hash=sha256:a920b569dc6b3472513ba6ddea21f440d4b4c699494d2e972a1753cdc25df7b0 \
+ --hash=sha256:ae76c22bde5cbb6bfd211ec343ded2163bba7883c7bc77f6b756a1049436fbb9 \
+ --hash=sha256:b18fb2ae6c4bb63eebe5be6bd869ba2f14fd0259bda7d18a46b764d8fb86298a \
+ --hash=sha256:c04b6d9d20e9c13f43eee8ea87d44156b8505ca8a3c878773f68b4e4812a421e \
+ --hash=sha256:c88b3711d12905b74206227109272673edce0cb29f27e1385f33b0163c414bba \
+ --hash=sha256:dd15245c8b68fe2b6bd0f32c1556509d11bb33aec9b5d0866dd8e2ed3dba09c2 \
+ --hash=sha256:e0aaf6041986767a5e0ce663c7a2f0e9eaf21e6ff87a5f95cbf3675bfd4c41d2
 click==8.1.7 \
--hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \ --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de diff --git a/tools/jenkins/junit/merge.py b/tools/jenkins/junit/merge.py index 066d21e022..6680a43ee5 100644 --- a/tools/jenkins/junit/merge.py +++ b/tools/jenkins/junit/merge.py @@ -19,7 +19,6 @@ Léa Klein Mickaël Schoentgen """ - import os import sys from pathlib import Path diff --git a/tools/scripts/csv_to_log.py b/tools/scripts/csv_to_log.py index c358a4aa83..9ed52b29f6 100644 --- a/tools/scripts/csv_to_log.py +++ b/tools/scripts/csv_to_log.py @@ -2,7 +2,6 @@ Convert a CSV "log" file to a real log file. Such files are ones attached to NCO tickets. """ - import csv import sys from pathlib import Path From c51303b73e2a999250bf86b63403362a56dd928c Mon Sep 17 00:00:00 2001 From: Sweta Yadav Date: Wed, 3 Jul 2024 14:51:51 +0530 Subject: [PATCH 36/37] Removed black dependency --- tests/integration/windows/test_cli.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/integration/windows/test_cli.py b/tests/integration/windows/test_cli.py index a9619fd0a7..5ebecfa80c 100644 --- a/tests/integration/windows/test_cli.py +++ b/tests/integration/windows/test_cli.py @@ -108,9 +108,7 @@ def test_argument_log_filename(exe, tmp, file): assert log.is_file() -@pytest.mark.parametrize( - "folder", ["azerty", "$alice", "léa", "mi Kaël", "こん ツリ ^^"] -) +@pytest.mark.parametrize("folder", ["azerty", "$alice", "léa", "mi Kaël", "こん ツリ ^^"]) def test_argument_nxdrive_home(exe, tmp, folder): path = tmp() path.mkdir(parents=True, exist_ok=True) From b89de370bfb6dd56429359b9f6af1ecb39111393 Mon Sep 17 00:00:00 2001 From: swetayadav1 Date: Thu, 4 Jul 2024 11:35:40 +0530 Subject: [PATCH 37/37] Updated comments in retrieve_ssl_certificate --- nxdrive/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/nxdrive/utils.py b/nxdrive/utils.py index 0917edd682..1251fd66b2 100644 --- a/nxdrive/utils.py 
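Review bot: The `black==23.12.1` pin added in the tools/deps/requirements-tests.txt hunk restores the release that this series' own changelog entry NXDRIVE-2927 described as vulnerable to a Regular Expression Denial of Service, and the same commit deletes that entry and the "Upgraded `black` from 23.12.1 to 24.4.2" line from docs/changes/5.5.0.md. The subject says "Removed black dependency", yet black stays pinned, so the history now reads as if the issue were closed while the flagged version is back in the hash-locked requirements. Because this is a test-only requirement the exposure is presumably limited to developer and CI runs that format untrusted files, but dependency scanners will keep reporting the pin. I would keep `black==24.4.2 \` with its hash set and retain the reformatting from the style-fix patches 30/37–33/37, or, if the downgrade is deliberate, state that in the commit message and leave NXDRIVE-2927 listed as open in the changelog.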
+++ b/nxdrive/utils.py @@ -607,6 +607,7 @@ def retrieve_ssl_certificate(hostname: str, /, *, port: int = 443) -> str: with ssl.create_connection((hostname, port)) as conn: # type: ignore # Declaring a minimum version to restrict the protocol + # For more information check NXDRIVE-2920 context = ssl.create_default_context() context.minimum_version = getattr(ssl.TLSVersion, MINIMUM_TLS_VERSION) with context.wrap_socket(conn, server_hostname=hostname) as sock: