Bump python libs, address insecure releases (#7550)

* Bump python libs, address insecure releases Using https://requires.io/github/mistercrunch/superset/requirements/?branch=apache_release_improv to identify insecure, old releases we're using and bumping. * redis <3.0 * fix new flakes
2019-05-28 21:03:49 -07:00 · 2019-05-28 21:03:49 -07:00 · fd5befee38
parent 2a2f395e94
commit fd5befee38
7 changed files with 27 additions and 30 deletions
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@ -16,22 +16,22 @@
 #
 coverage==4.5.3
 flake8-commas==2.0.0
-flake8-import-order==0.18
+flake8-import-order==0.18.1
 flake8-mypy==17.8.0
-flake8-quotes==1.0.0
-flake8==3.6.0
-flask-cors==3.0.6
-ipdb==0.11
+flake8-quotes==2.0.1
+flake8==3.7.7
+flask-cors==3.0.7
+ipdb==0.12
 mypy==0.670
 mysqlclient==1.4.2.post1
 nose==1.3.7
-pip-tools==3.5.0
+pip-tools==3.7.0
 psycopg2-binary==2.7.5
-pycodestyle==2.4.0
+pycodestyle==2.5.0
 pyhive==0.6.1
 pylint==1.9.2
 python-dotenv==0.10.1
 redis==2.10.6
 statsd==3.3.0
 thrift==0.11.0
-tox==3.5.3
+tox==3.11.1
--- a/requirements.txt
+++ b/requirements.txt
@ -2,9 +2,8 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-#    pip-compile --output-file requirements.txt setup.py
+#    pip-compile --output-file=requirements.txt setup.py
 #
-
 alembic==1.0.0            # via flask-migrate
 amqp==2.3.2               # via kombu
 apispec[yaml]==1.2.0      # via flask-appbuilder
@ -42,7 +41,7 @@ humanize==0.5.1
 idna==2.6
 isodate==0.6.0
 itsdangerous==0.24        # via flask
-jinja2==2.10              # via flask, flask-babel
+jinja2==2.10.1            # via flask, flask-babel
 jsonschema==3.0.1         # via flask-appbuilder
 kombu==4.2.1              # via celery
 mako==1.0.7               # via alembic
@ -68,17 +67,16 @@ python-editor==1.0.3      # via alembic
 python-geohash==0.8.5
 python3-openid==3.1.0     # via flask-openid
 pytz==2018.5              # via babel, celery, pandas
-pyyaml==3.13
-requests==2.20.0
+pyyaml==5.1
+requests==2.22.0
 retry==0.9.2
 selenium==3.141.0
 simplejson==3.15.0
 six==1.11.0               # via bleach, cryptography, flask-jwt-extended, flask-talisman, isodate, jsonschema, pathlib2, polyline, prison, pydruid, pyrsistent, python-dateutil, sqlalchemy-utils, wtforms-json
-sqlalchemy-utils==0.32.21
+sqlalchemy-utils==0.33.11
 sqlalchemy==1.3.1
 sqlparse==0.2.4
-unicodecsv==0.14.1
-urllib3==1.22             # via requests, selenium
+urllib3==1.24.3           # via requests, selenium
 vine==1.1.4               # via amqp
 webencodings==0.5.1       # via bleach
 werkzeug==0.14.1          # via flask, flask-jwt-extended
--- a/setup.py
+++ b/setup.py
@ -97,15 +97,14 @@ setup(
        'python-dateutil',
        'python-dotenv',
        'python-geohash',
-        'pyyaml>=3.13',
-        'requests>=2.20.0',
+        'pyyaml>=5.1',
+        'requests>=2.22.0',
        'retry>=0.9.2',
        'selenium>=3.141.0',
        'simplejson>=3.15.0',
        'sqlalchemy>=1.3.1,<2.0',
-        'sqlalchemy-utils',
+        'sqlalchemy-utils>=0.33.2',
        'sqlparse',
-        'unicodecsv',
        'wtforms-json',
    ],
    extras_require={
--- a/superset/cli.py
+++ b/superset/cli.py
@ -132,7 +132,7 @@ def load_examples(load_test_data):
@click.option('--datasource', '-d', help='Specify which datasource name to load, if '
                                         'omitted, all datasources will be refreshed')
@click.option('--merge', '-m', is_flag=True, default=False,
-              help='Specify using \'merge\' property during operation. '
+              help="Specify using 'merge' property during operation. "
                   'Default value is False.')
 def refresh_druid(datasource, merge):
    """Refresh druid datasources"""
--- a/superset/views/core.py
+++ b/superset/views/core.py
@ -1340,12 +1340,12 @@ class Superset(BaseSupersetView):

        if action == 'overwrite' and not slice_overwrite_perm:
            return json_error_response(
-                _('You don\'t have the rights to ') + _('alter this ') + _('chart'),
+                _("You don't have the rights to ") + _('alter this ') + _('chart'),
                status=400)

        if action == 'saveas' and not slice_add_perm:
            return json_error_response(
-                _('You don\'t have the rights to ') + _('create a ') + _('chart'),
+                _("You don't have the rights to ") + _('create a ') + _('chart'),
                status=400)

        if action in ('saveas', 'overwrite'):
@ -1452,7 +1452,7 @@ class Superset(BaseSupersetView):
            dash_overwrite_perm = check_ownership(dash, raise_if_false=False)
            if not dash_overwrite_perm:
                return json_error_response(
-                    _('You don\'t have the rights to ') + _('alter this ') +
+                    _("You don't have the rights to ") + _('alter this ') +
                    _('dashboard'),
                    status=400)

@ -1466,7 +1466,7 @@ class Superset(BaseSupersetView):
            dash_add_perm = security_manager.can_access('can_add', 'DashboardModelView')
            if not dash_add_perm:
                return json_error_response(
-                    _('You don\'t have the rights to ') + _('create a ') + _('dashboard'),
+                    _("You don't have the rights to ") + _('create a ') + _('dashboard'),
                    status=400)

            dash = models.Dashboard(
--- a/tests/db_engine_specs_test.py
+++ b/tests/db_engine_specs_test.py
@ -108,7 +108,7 @@ class DbEngineSpecsTestCase(SupersetTestCase):
            '{...} errorMessage="Error while compiling statement: FAILED: '
            'SemanticException [Error 10001]: Line 4'
            ':5 Table not found \'fact_ridesfdslakj\'", statusCode=3, '
-            'sqlState=\'42S02\', errorCode=10001)){...}')
+            "sqlState='42S02', errorCode=10001)){...}")
        self.assertEquals((
            'Error while compiling statement: FAILED: '
            'SemanticException [Error 10001]: Line 4:5 '
--- a/tests/viz_tests.py
+++ b/tests/viz_tests.py
@ -258,7 +258,7 @@ class TableVizTestCase(SupersetTestCase):
                {
                    'expressionType': 'SQL',
                    'clause': 'WHERE',
-                    'sqlExpression': 'value3 in (\'North America\')',
+                    'sqlExpression': "value3 in ('North America')",
                },
            ],
        }
@ -273,7 +273,7 @@ class TableVizTestCase(SupersetTestCase):
            [{'op': '<', 'val': '10', 'col': 'SUM(value1)'}],
            query_obj['extras']['having_druid'],
        )
-        self.assertEqual('(value3 in (\'North America\'))', query_obj['extras']['where'])
+        self.assertEqual("(value3 in ('North America'))", query_obj['extras']['where'])
        self.assertEqual('(SUM(value1) > 5)', query_obj['extras']['having'])

    def test_adhoc_filters_overwrite_legacy_filters(self):
@ -295,7 +295,7 @@ class TableVizTestCase(SupersetTestCase):
                {
                    'expressionType': 'SQL',
                    'clause': 'WHERE',
-                    'sqlExpression': 'value3 in (\'North America\')',
+                    'sqlExpression': "value3 in ('North America')",
                },
            ],
            'having': 'SUM(value1) > 5',
@ -311,7 +311,7 @@ class TableVizTestCase(SupersetTestCase):
            [],
            query_obj['extras']['having_druid'],
        )
-        self.assertEqual('(value3 in (\'North America\'))', query_obj['extras']['where'])
+        self.assertEqual("(value3 in ('North America'))", query_obj['extras']['where'])
        self.assertEqual('', query_obj['extras']['having'])

    @patch('superset.viz.BaseViz.query_obj')