Addressed safety issues up to 2024-07-21; Updated dev versions

Signed-off-by: Andreas Maier <[email protected]>
pywbem · Jul 21, 2024 · 8a6ceaf · 8a6ceaf
1 parent 93d6f5e
commit 8a6ceaf
Show file tree

Hide file tree

Showing 6 changed files with 117 additions and 69 deletions.
diff --git a/.safety-policy.yml b/.safety-policy.yml
@@ -56,6 +56,10 @@ security:
             reason: Fixed tqdm version 4.66.3 requires Python>=3.7 and is used there
         71064:
             reason: Fixed requests version 2.32.2 requires Python>=3.8 and is used there
+        71591:
+            reason: Fixed Jinja2 version 3.1.4 requires Python>=3.7 and is used there
+        71636:
+            reason: Fixed authlib version 1.3.1 requires Python>=3.8 and is used there
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False
diff --git a/Makefile b/Makefile
@@ -248,7 +248,15 @@ dist_included_files := \
 done_dir := done
 
 # Packages whose dependencies are checked using pip-missing-reqs
-check_reqs_packages := pytest coverage coveralls flake8 pylint safety sphinx twine
+ifeq ($(python_mn_version),3.6)
+  check_reqs_packages := pytest coverage coveralls flake8 pylint twine
+else
+ifeq ($(python_mn_version),3.7)
+  check_reqs_packages := pytest coverage coveralls flake8 pylint twine safety
+else
+  check_reqs_packages := pytest coverage coveralls flake8 pylint twine safety sphinx
+endif
+endif
 
 .PHONY: help
 help:
@@ -480,52 +488,80 @@ upload: _check_version $(dist_files)
 html: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done $(doc_build_dir)/html/docs/index.html
 	@echo "Makefile: Target $@ done."
 
+# Boolean variable indicating that Sphinx should be run
+# We run Sphinx only on Python>=3.8 because lower Python versions require too old Sphinx versions
+run_sphinx := $(shell $(PYTHON_CMD) -c "import sys; py=sys.version_info[0:2]; sys.stdout.write('true' if py>=(3,8) else 'false')")
+
 $(doc_build_dir)/html/docs/index.html: Makefile $(doc_dependent_files)
+ifeq ($(run_sphinx),true)
 	@echo "Makefile: Creating the documentation as HTML pages"
 	-$(call RM_FUNC,$@)
 	$(doc_cmd) -b html $(doc_opts) $(doc_build_dir)/html
 	@echo "Makefile: Done creating the documentation as HTML pages; top level file: $@"
+else
+	@echo "Skipping Sphinx to create the documentation as HTML pages on Python version $(python_version)"
+endif
 
 .PHONY: pdf
 pdf: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done Makefile $(doc_dependent_files)
+ifeq ($(run_sphinx),true)
 	@echo "Makefile: Creating the documentation as PDF file"
 	-$(call RM_FUNC,$@)
 	$(doc_cmd) -b latex $(doc_opts) $(doc_build_dir)/pdf
 	@echo "Makefile: Running LaTeX files through pdflatex..."
 	$(MAKE) -C $(doc_build_dir)/pdf all-pdf
 	@echo "Makefile: Done creating the documentation as PDF file in: $(doc_build_dir)/pdf/"
 	@echo "Makefile: Target $@ done."
+else
+	@echo "Skipping Sphinx to create the documentation as PDF file on Python version $(python_version)"
+endif
 
 .PHONY: man
 man: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done Makefile $(doc_dependent_files)
+ifeq ($(run_sphinx),true)
 	@echo "Makefile: Creating the documentation as man pages"
 	-$(call RM_FUNC,$@)
 	$(doc_cmd) -b man $(doc_opts) $(doc_build_dir)/man
 	@echo "Makefile: Done creating the documentation as man pages in: $(doc_build_dir)/man/"
 	@echo "Makefile: Target $@ done."
+else
+	@echo "Skipping Sphinx to create the documentation as man pages on Python version $(python_version)"
+endif
 
 .PHONY: docchanges
 docchanges: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done
+ifeq ($(run_sphinx),true)
 	@echo "Makefile: Creating the doc changes overview file"
 	$(doc_cmd) -b changes $(doc_opts) $(doc_build_dir)/changes
 	@echo
 	@echo "Makefile: Done creating the doc changes overview file in: $(doc_build_dir)/changes/"
 	@echo "Makefile: Target $@ done."
+else
+	@echo "Skipping Sphinx to create the doc changes overview file on Python version $(python_version)"
+endif
 
 .PHONY: doclinkcheck
 doclinkcheck: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done
+ifeq ($(run_sphinx),true)
 	@echo "Makefile: Creating the doc link errors file"
 	$(doc_cmd) -b linkcheck $(doc_opts) $(doc_build_dir)/linkcheck
 	@echo
 	@echo "Makefile: Done creating the doc link errors file: $(doc_build_dir)/linkcheck/output.txt"
 	@echo "Makefile: Target $@ done."
+else
+	@echo "Skipping Sphinx to create the doc link errors file on Python version $(python_version)"
+endif
 
 .PHONY: doccoverage
 doccoverage: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done
+ifeq ($(run_sphinx),true)
 	@echo "Makefile: Creating the doc coverage results file"
 	$(doc_cmd) -b coverage $(doc_opts) $(doc_build_dir)/coverage
 	@echo "Makefile: Done creating the doc coverage results file: $(doc_build_dir)/coverage/python.txt"
 	@echo "Makefile: Target $@ done."
+else
+	@echo "Skipping Sphinx to create the doc coverage results file on Python version $(python_version)"
+endif
 
 .PHONY: authors
 authors: _check_version original_authors.md
@@ -594,11 +630,15 @@ $(done_dir)/flake8_$(pymn)_$(PACKAGE_LEVEL).done: $(done_dir)/develop_reqs_$(pym
 	@echo "Makefile: Done running Flake8"
 
 $(done_dir)/safety_$(pymn)_$(PACKAGE_LEVEL).done: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done Makefile $(safety_policy_file) minimum-constraints.txt
+ifeq ($(python_mn_version),3.6)
+	@echo "Makefile: Warning: Skipping Safety on Python $(python_version)" >&2
+else
 	@echo "Makefile: Running pyup.io safety check"
 	-$(call RM_FUNC,$@)
 	safety check --policy-file $(safety_policy_file) -r minimum-constraints.txt --full-report
 	echo "done" >$@
 	@echo "Makefile: Done running pyup.io safety check"
+endif
 
 .PHONY: check_reqs
 check_reqs: $(done_dir)/develop_reqs_$(pymn)_$(PACKAGE_LEVEL).done minimum-constraints.txt requirements.txt

diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -36,14 +36,11 @@ pytest-cov>=2.7.0
 coveralls>=3.3.0
 
 # Safety CI by pyup.io
-# safety 2.3.5 (only) requires packaging>=21.0,<22.0 and causes pip backtracking of tox
-safety>=2.2.0,!=2.3.5
-# safety 2.2.0 requires dparse>=0.6.2
-dparse>=0.6.2
 
 # Click is used by safety
-# safety 2.2.0 requires Click >=8.0.2
-Click>=8.0.2
+# Safety is run only on Python >=3.7
+# Safety 3.0.0 requires exact versions of authlib==1.2.0 and jwt==1.3.1.
+safety>=3.0.1; python_version >= '3.7'
 
 # PyYAML is pulled in by dparse
 # PyYAML 5.3.1 addressed issue 38100 reported by safety
@@ -57,28 +54,28 @@ PyYAML>=5.3.1
 tox>=3.21.0
 
 # Sphinx (no imports, invoked via sphinx-build script):
-# Sphinx 4.0.0 breaks autodocsumm and needs to be excluded
-# Sphinx 4.0.0,4.0.1 (only) pin Jinja2 to <3.0
-# Sphinx <4.2.0 fails on Python 3.10 because it tries to import non-existing
-#   types.Union. This also drives docutils>=0.14.
-# Sphinx 4.4.0 started requiring importlib-metadata>=4.4
-# Sphinx 6.0.0 dropped support for Python <=3.7
-# Sphinx 7.2.0 dropped support for Python 3.8
-Sphinx>=4.2.0,<4.4.0; python_version <= '3.7'
-Sphinx>=4.2.0; python_version >= '3.8'
-docutils>=0.16
-sphinx-git>=10.1.1
-# GitPython 3.1.24 dropped support for Python 3.6
-GitPython>=2.1.1; python_version == '3.6'
-GitPython>=3.1.41; python_version >= '3.7'
-sphinxcontrib-fulltoc>=1.2.0
-sphinxcontrib-websupport>=1.1.2
-Pygments>=2.7.4; python_version == '3.6'
-Pygments>=2.15.0; python_version >= '3.7'
-# sphinx-rtd-theme 2.0.0 requires Sphinx>=5,<8
-sphinx-rtd-theme>=1.0.0
-# Babel 2.7.0 fixes an ImportError for MutableMapping which starts failing on Python 3.10
-Babel>=2.9.1
+# Sphinx is used only on Python>=3.8
+# Sphinx 6.0.0 started requiring Python>=3.8
+# Sphinx 7.2.0 started requiring Python>=3.9
+Sphinx>=7.1.0; python_version == '3.8'
+Sphinx>=7.2.0; python_version >= '3.9'
+# Sphinx 7.1.0 pins docutils to <0.21
+docutils>=0.18.1,<0.21; python_version == '3.8'
+sphinx-git>=10.1.1; python_version >= '3.8'
+GitPython>=3.1.41; python_version >= '3.8'
+Pygments>=2.15.0; python_version >= '3.8'
+sphinx-rtd-theme>=2.0.0; python_version >= '3.8'
+sphinxcontrib-applehelp>=1.0.4; python_version >= '3.8'
+sphinxcontrib-devhelp>=1.0.2; python_version >= '3.8'
+sphinxcontrib-htmlhelp>=2.0.1; python_version >= '3.8'
+sphinxcontrib-jquery>=4.1; python_version >= '3.8'
+sphinxcontrib-jsmath>=1.0.1; python_version >= '3.8'
+sphinxcontrib-qthelp>=1.0.3; python_version >= '3.8'
+sphinxcontrib-serializinghtml>=1.1.5; python_version == '3.8'
+sphinxcontrib-serializinghtml>=1.1.9; python_version >= '3.9'
+sphinxcontrib-websupport>=1.2.4; python_version >= '3.8'
+autodocsumm>=0.2.12; python_version >= '3.8'
+Babel>=2.9.1; python_version >= '3.8'
 
 # PyLint (no imports, invoked via pylint script)
 # Pylint requires astroid
@@ -93,8 +90,8 @@ pylint>=3.0.3; python_version >= '3.12'
 astroid>=2.11.0; python_version == '3.6'
 astroid>=2.12.4; python_version >= '3.7' and python_version <= '3.11'
 astroid>=3.0.2; python_version >= '3.12'
-# astroid 2.13.0 uses typing-extensions on Python<3.11 but misses to require it on 3.10. See https://github.com/PyCQA/astroid/issues/1942
-typing-extensions>=3.10; python_version <= '3.10'
+# astroid 2.13.0 uses typing-extensions on Python<=3.10 but misses to require it. See https://github.com/PyCQA/astroid/issues/1942
+typing-extensions>=3.10; python_version >= '3.6' and python_version <= '3.10'
 # typed-ast is used by astroid on py34..py37
 typed-ast>=1.4.0,<1.5.0; python_version <= '3.7' and implementation_name=='cpython'
 # lazy-object-proxy is used by astroid
@@ -148,7 +145,7 @@ twine>=3.0.0
 # readme-renderer 23.0 has made cmarkgfm part of extras (it fails on Cygwin)
 readme-renderer>=23.0
 
-# packaging>=21.0
+# packaging is covered by test-requirements.txt
 
 # Package dependency management tools
 pipdeptree>=2.2.0

diff --git a/docs/changes.rst b/docs/changes.rst
@@ -16,7 +16,7 @@ Released: not yet
 
 **Bug fixes:**
 
-* Dev: Fixed safety issues up to 2024-07-09.
+* Fixed safety issues up to 2024-07-21.
 
 **Enhancements:**
 

diff --git a/minimum-constraints.txt b/minimum-constraints.txt
@@ -50,7 +50,8 @@ virtualenv==20.23.0; python_version >= '3.8'
 # Indirect dependencies for test (must be consistent with test-requirements.txt, if present)
 
 # packaging (used by pytest, safety)
-packaging==21.3
+packaging==21.0; python_version == '3.6'
+packaging==22.0; python_version >= '3.7'
 
 # pluggy (used by pytest, tox)
 pluggy==0.13.1
@@ -74,18 +75,19 @@ pytest-cov==2.7.0
 coveralls==3.3.0
 
 # Safety CI by pyup.io
-safety==2.2.0
-dparse==0.6.2
-typer==0.9.0; python_version == '3.6'
+# Safety is run only on Python >=3.7
+safety==3.0.1; python_version >= '3.7'
+safety-schemas==0.0.1; python_version >= '3.7'
+# TODO: Change to dparse 0.6.4 once released
+dparse==0.6.4b0; python_version >= '3.7'
+ruamel.yaml==0.17.21; python_version >= '3.7'
+Authlib==1.2.0; python_version == '3.7'
+Authlib==1.3.1; python_version >= '3.8'
+marshmallow==3.15.0; python_version >= '3.7'
+pydantic==1.10.13; python_version >= '3.7'
 typer==0.12.0; python_version >= '3.7'
 typer-cli==0.12.0; python_version >= '3.7'
 typer-slim==0.12.0; python_version >= '3.7'
-# safety 2.2.0 depends on ruamel.yaml>=0.17.21
-ruamel-yaml==0.17.21
-safety-schemas==0.0.1
-marshmallow==3.15.0
-# dataclasses is used by safety>=2.3.1 on (only) py36
-dataclasses==0.8; python_version == '3.6'
 
 # PyYAML is pulled in by dparse
 PyYAML==5.3.1
@@ -97,17 +99,25 @@ Click==8.0.2
 tox==3.21.0
 
 # Sphinx (no imports, invoked via sphinx-build script):
-Sphinx==4.2.0
-docutils==0.16
-sphinx-git==10.1.1
-GitPython==2.1.1; python_version == '3.6'
-GitPython==3.1.41; python_version >= '3.7'
-sphinxcontrib-fulltoc==1.2.0
-sphinxcontrib-websupport==1.1.2
-Pygments==2.7.4; python_version == '3.6'
-Pygments==2.15.0; python_version >= '3.7'
-sphinx-rtd-theme==1.0.0
-Babel==2.9.1
+# Sphinx is used only on Python>=3.8
+Sphinx==7.1.0; python_version == '3.8'
+Sphinx==7.2.0; python_version >= '3.9'
+docutils==0.18.1; python_version >= '3.8'
+sphinx-git==10.1.1; python_version >= '3.8'
+GitPython==3.1.41; python_version >= '3.8'
+Pygments==2.15.0; python_version >= '3.8'
+sphinx-rtd-theme==2.0.0; python_version >= '3.8'
+sphinxcontrib-applehelp==1.0.4; python_version >= '3.8'
+sphinxcontrib-devhelp==1.0.2; python_version >= '3.8'
+sphinxcontrib-htmlhelp==2.0.1; python_version >= '3.8'
+sphinxcontrib-jquery==4.1; python_version >= '3.8'
+sphinxcontrib-jsmath==1.0.1; python_version >= '3.8'
+sphinxcontrib-qthelp==1.0.3; python_version >= '3.8'
+sphinxcontrib-serializinghtml==1.1.5; python_version == '3.8'
+sphinxcontrib-serializinghtml==1.1.9; python_version >= '3.9'
+sphinxcontrib-websupport==1.2.4; python_version >= '3.8'
+autodocsumm==0.2.12; python_version >= '3.8'
+Babel==2.9.1; python_version >= '3.8'
 
 # PyLint (no imports, invoked via pylint script) - does not support py3:
 pylint==2.13.0; python_version == '3.6'
@@ -116,8 +126,6 @@ pylint==3.0.3; python_version >= '3.12'
 astroid==2.11.0; python_version == '3.6'
 astroid==2.12.4; python_version >= '3.7' and python_version <= '3.11'
 astroid==3.0.2; python_version >= '3.12'
-typing-extensions==3.10.0; python_version == '3.6'
-typing-extensions==4.6.0; python_version >= '3.7'
 typed-ast==1.4.0; python_version <= '3.7' and implementation_name=='cpython'
 lazy-object-proxy==1.4.3
 wrapt==1.14
@@ -165,26 +173,30 @@ pytz==2019.1
 # colorama (used by tox, pytest)
 colorama==0.4.5
 
+# nocaselist 2.0 requires typing-extensions>=3.10 (on py>=3.6)
+# safety 3.0 requires typing-extensions>=4.7.1 (used on py>=3.7)
+typing-extensions==3.10.0; python_version == '3.6'
+typing-extensions==4.7.1; python_version >= '3.7' and python_version <= '3.9'
+
 
 # Other indirect dependencies (not in any requirements file):
 
 alabaster==0.7.9
 appdirs==1.4.4
 attrs==19.2.0
-Authlib==1.2.0
 bleach==3.3.0
 certifi==2023.07.22
 chardet==3.0.3
 distlib==0.3.7
 docopt==0.6.1
 filelock==3.2.0; python_version == '3.6'
-filelock==3.11.0; python_version >= "3.7"
+filelock==3.11.0; python_version >= '3.7'
 gitdb==4.0.1
 # idna>3 requires using requests >=2.26.0
 idna==3.7
-imagesize==0.7.1
+imagesize==1.3.0
 Jinja2==3.0.0; python_version == '3.6'
-Jinja2==3.1.3; python_version >= '3.7'
+Jinja2==3.1.4; python_version >= '3.7'
 keyring==17.0.0
 MarkupSafe==2.0.0
 more-itertools==5.0.0
@@ -203,20 +215,14 @@ requests-toolbelt==0.8.0
 rfc3986==1.3.0
 rich==12.0.0
 smmap==3.0.1
-snowballstemmer==1.2.1
-sphinxcontrib-applehelp==1.0.0
-sphinxcontrib-devhelp==1.0.0
-sphinxcontrib-htmlhelp==2.0.0
-sphinxcontrib-jsmath==1.0.0
-sphinxcontrib-qthelp==1.0.0
-sphinxcontrib-serializinghtml==1.1.5
+snowballstemmer==2.0.0
 toml==0.10.0
 # tomli 2.0.0 removed support for py36
 tomli==1.1.0; python_version == '3.6'
 tomli==2.0.1; python_version >= '3.7'
 tqdm==4.14; python_version == '3.6'
 tqdm==4.66.3; python_version >= '3.7'
-urllib3==1.26.18
+urllib3==1.26.19
 wcwidth==0.1.7
 webencodings==0.5.1
 widgetsnbextension==1.2.6

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -28,7 +28,8 @@ virtualenv>=20.23.0; python_version >= '3.8'
 # Indirect dependencies with special constraints:
 
 # packaging (used by pytest, safety)
-packaging>=21.3
+packaging>=21.0; python_version == '3.6'
+packaging>=22.0; python_version >= '3.7'
 
 # pluggy (used by pytest, tox)
 # Pluggy 0.12.0 has a bug causing pytest plugins to fail loading on py38