mirror of https://github.com/apache/superset.git
Bump python libs, address insecure releases (#7550)
* Bump python libs, address insecure releases Using https://requires.io/github/mistercrunch/superset/requirements/?branch=apache_release_improv to identify insecure, old releases we're using and bumping. * redis <3.0 * fix new flakes
This commit is contained in:
parent
2a2f395e94
commit
fd5befee38
|
@ -16,22 +16,22 @@
|
||||||
#
|
#
|
||||||
coverage==4.5.3
|
coverage==4.5.3
|
||||||
flake8-commas==2.0.0
|
flake8-commas==2.0.0
|
||||||
flake8-import-order==0.18
|
flake8-import-order==0.18.1
|
||||||
flake8-mypy==17.8.0
|
flake8-mypy==17.8.0
|
||||||
flake8-quotes==1.0.0
|
flake8-quotes==2.0.1
|
||||||
flake8==3.6.0
|
flake8==3.7.7
|
||||||
flask-cors==3.0.6
|
flask-cors==3.0.7
|
||||||
ipdb==0.11
|
ipdb==0.12
|
||||||
mypy==0.670
|
mypy==0.670
|
||||||
mysqlclient==1.4.2.post1
|
mysqlclient==1.4.2.post1
|
||||||
nose==1.3.7
|
nose==1.3.7
|
||||||
pip-tools==3.5.0
|
pip-tools==3.7.0
|
||||||
psycopg2-binary==2.7.5
|
psycopg2-binary==2.7.5
|
||||||
pycodestyle==2.4.0
|
pycodestyle==2.5.0
|
||||||
pyhive==0.6.1
|
pyhive==0.6.1
|
||||||
pylint==1.9.2
|
pylint==1.9.2
|
||||||
python-dotenv==0.10.1
|
python-dotenv==0.10.1
|
||||||
redis==2.10.6
|
redis==2.10.6
|
||||||
statsd==3.3.0
|
statsd==3.3.0
|
||||||
thrift==0.11.0
|
thrift==0.11.0
|
||||||
tox==3.5.3
|
tox==3.11.1
|
||||||
|
|
|
@ -2,9 +2,8 @@
|
||||||
# This file is autogenerated by pip-compile
|
# This file is autogenerated by pip-compile
|
||||||
# To update, run:
|
# To update, run:
|
||||||
#
|
#
|
||||||
# pip-compile --output-file requirements.txt setup.py
|
# pip-compile --output-file=requirements.txt setup.py
|
||||||
#
|
#
|
||||||
|
|
||||||
alembic==1.0.0 # via flask-migrate
|
alembic==1.0.0 # via flask-migrate
|
||||||
amqp==2.3.2 # via kombu
|
amqp==2.3.2 # via kombu
|
||||||
apispec[yaml]==1.2.0 # via flask-appbuilder
|
apispec[yaml]==1.2.0 # via flask-appbuilder
|
||||||
|
@ -42,7 +41,7 @@ humanize==0.5.1
|
||||||
idna==2.6
|
idna==2.6
|
||||||
isodate==0.6.0
|
isodate==0.6.0
|
||||||
itsdangerous==0.24 # via flask
|
itsdangerous==0.24 # via flask
|
||||||
jinja2==2.10 # via flask, flask-babel
|
jinja2==2.10.1 # via flask, flask-babel
|
||||||
jsonschema==3.0.1 # via flask-appbuilder
|
jsonschema==3.0.1 # via flask-appbuilder
|
||||||
kombu==4.2.1 # via celery
|
kombu==4.2.1 # via celery
|
||||||
mako==1.0.7 # via alembic
|
mako==1.0.7 # via alembic
|
||||||
|
@ -68,17 +67,16 @@ python-editor==1.0.3 # via alembic
|
||||||
python-geohash==0.8.5
|
python-geohash==0.8.5
|
||||||
python3-openid==3.1.0 # via flask-openid
|
python3-openid==3.1.0 # via flask-openid
|
||||||
pytz==2018.5 # via babel, celery, pandas
|
pytz==2018.5 # via babel, celery, pandas
|
||||||
pyyaml==3.13
|
pyyaml==5.1
|
||||||
requests==2.20.0
|
requests==2.22.0
|
||||||
retry==0.9.2
|
retry==0.9.2
|
||||||
selenium==3.141.0
|
selenium==3.141.0
|
||||||
simplejson==3.15.0
|
simplejson==3.15.0
|
||||||
six==1.11.0 # via bleach, cryptography, flask-jwt-extended, flask-talisman, isodate, jsonschema, pathlib2, polyline, prison, pydruid, pyrsistent, python-dateutil, sqlalchemy-utils, wtforms-json
|
six==1.11.0 # via bleach, cryptography, flask-jwt-extended, flask-talisman, isodate, jsonschema, pathlib2, polyline, prison, pydruid, pyrsistent, python-dateutil, sqlalchemy-utils, wtforms-json
|
||||||
sqlalchemy-utils==0.32.21
|
sqlalchemy-utils==0.33.11
|
||||||
sqlalchemy==1.3.1
|
sqlalchemy==1.3.1
|
||||||
sqlparse==0.2.4
|
sqlparse==0.2.4
|
||||||
unicodecsv==0.14.1
|
urllib3==1.24.3 # via requests, selenium
|
||||||
urllib3==1.22 # via requests, selenium
|
|
||||||
vine==1.1.4 # via amqp
|
vine==1.1.4 # via amqp
|
||||||
webencodings==0.5.1 # via bleach
|
webencodings==0.5.1 # via bleach
|
||||||
werkzeug==0.14.1 # via flask, flask-jwt-extended
|
werkzeug==0.14.1 # via flask, flask-jwt-extended
|
||||||
|
|
7
setup.py
7
setup.py
|
@ -97,15 +97,14 @@ setup(
|
||||||
'python-dateutil',
|
'python-dateutil',
|
||||||
'python-dotenv',
|
'python-dotenv',
|
||||||
'python-geohash',
|
'python-geohash',
|
||||||
'pyyaml>=3.13',
|
'pyyaml>=5.1',
|
||||||
'requests>=2.20.0',
|
'requests>=2.22.0',
|
||||||
'retry>=0.9.2',
|
'retry>=0.9.2',
|
||||||
'selenium>=3.141.0',
|
'selenium>=3.141.0',
|
||||||
'simplejson>=3.15.0',
|
'simplejson>=3.15.0',
|
||||||
'sqlalchemy>=1.3.1,<2.0',
|
'sqlalchemy>=1.3.1,<2.0',
|
||||||
'sqlalchemy-utils',
|
'sqlalchemy-utils>=0.33.2',
|
||||||
'sqlparse',
|
'sqlparse',
|
||||||
'unicodecsv',
|
|
||||||
'wtforms-json',
|
'wtforms-json',
|
||||||
],
|
],
|
||||||
extras_require={
|
extras_require={
|
||||||
|
|
|
@ -132,7 +132,7 @@ def load_examples(load_test_data):
|
||||||
@click.option('--datasource', '-d', help='Specify which datasource name to load, if '
|
@click.option('--datasource', '-d', help='Specify which datasource name to load, if '
|
||||||
'omitted, all datasources will be refreshed')
|
'omitted, all datasources will be refreshed')
|
||||||
@click.option('--merge', '-m', is_flag=True, default=False,
|
@click.option('--merge', '-m', is_flag=True, default=False,
|
||||||
help='Specify using \'merge\' property during operation. '
|
help="Specify using 'merge' property during operation. "
|
||||||
'Default value is False.')
|
'Default value is False.')
|
||||||
def refresh_druid(datasource, merge):
|
def refresh_druid(datasource, merge):
|
||||||
"""Refresh druid datasources"""
|
"""Refresh druid datasources"""
|
||||||
|
|
|
@ -1340,12 +1340,12 @@ class Superset(BaseSupersetView):
|
||||||
|
|
||||||
if action == 'overwrite' and not slice_overwrite_perm:
|
if action == 'overwrite' and not slice_overwrite_perm:
|
||||||
return json_error_response(
|
return json_error_response(
|
||||||
_('You don\'t have the rights to ') + _('alter this ') + _('chart'),
|
_("You don't have the rights to ") + _('alter this ') + _('chart'),
|
||||||
status=400)
|
status=400)
|
||||||
|
|
||||||
if action == 'saveas' and not slice_add_perm:
|
if action == 'saveas' and not slice_add_perm:
|
||||||
return json_error_response(
|
return json_error_response(
|
||||||
_('You don\'t have the rights to ') + _('create a ') + _('chart'),
|
_("You don't have the rights to ") + _('create a ') + _('chart'),
|
||||||
status=400)
|
status=400)
|
||||||
|
|
||||||
if action in ('saveas', 'overwrite'):
|
if action in ('saveas', 'overwrite'):
|
||||||
|
@ -1452,7 +1452,7 @@ class Superset(BaseSupersetView):
|
||||||
dash_overwrite_perm = check_ownership(dash, raise_if_false=False)
|
dash_overwrite_perm = check_ownership(dash, raise_if_false=False)
|
||||||
if not dash_overwrite_perm:
|
if not dash_overwrite_perm:
|
||||||
return json_error_response(
|
return json_error_response(
|
||||||
_('You don\'t have the rights to ') + _('alter this ') +
|
_("You don't have the rights to ") + _('alter this ') +
|
||||||
_('dashboard'),
|
_('dashboard'),
|
||||||
status=400)
|
status=400)
|
||||||
|
|
||||||
|
@ -1466,7 +1466,7 @@ class Superset(BaseSupersetView):
|
||||||
dash_add_perm = security_manager.can_access('can_add', 'DashboardModelView')
|
dash_add_perm = security_manager.can_access('can_add', 'DashboardModelView')
|
||||||
if not dash_add_perm:
|
if not dash_add_perm:
|
||||||
return json_error_response(
|
return json_error_response(
|
||||||
_('You don\'t have the rights to ') + _('create a ') + _('dashboard'),
|
_("You don't have the rights to ") + _('create a ') + _('dashboard'),
|
||||||
status=400)
|
status=400)
|
||||||
|
|
||||||
dash = models.Dashboard(
|
dash = models.Dashboard(
|
||||||
|
|
|
@ -108,7 +108,7 @@ class DbEngineSpecsTestCase(SupersetTestCase):
|
||||||
'{...} errorMessage="Error while compiling statement: FAILED: '
|
'{...} errorMessage="Error while compiling statement: FAILED: '
|
||||||
'SemanticException [Error 10001]: Line 4'
|
'SemanticException [Error 10001]: Line 4'
|
||||||
':5 Table not found \'fact_ridesfdslakj\'", statusCode=3, '
|
':5 Table not found \'fact_ridesfdslakj\'", statusCode=3, '
|
||||||
'sqlState=\'42S02\', errorCode=10001)){...}')
|
"sqlState='42S02', errorCode=10001)){...}")
|
||||||
self.assertEquals((
|
self.assertEquals((
|
||||||
'Error while compiling statement: FAILED: '
|
'Error while compiling statement: FAILED: '
|
||||||
'SemanticException [Error 10001]: Line 4:5 '
|
'SemanticException [Error 10001]: Line 4:5 '
|
||||||
|
|
|
@ -258,7 +258,7 @@ class TableVizTestCase(SupersetTestCase):
|
||||||
{
|
{
|
||||||
'expressionType': 'SQL',
|
'expressionType': 'SQL',
|
||||||
'clause': 'WHERE',
|
'clause': 'WHERE',
|
||||||
'sqlExpression': 'value3 in (\'North America\')',
|
'sqlExpression': "value3 in ('North America')",
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
@ -273,7 +273,7 @@ class TableVizTestCase(SupersetTestCase):
|
||||||
[{'op': '<', 'val': '10', 'col': 'SUM(value1)'}],
|
[{'op': '<', 'val': '10', 'col': 'SUM(value1)'}],
|
||||||
query_obj['extras']['having_druid'],
|
query_obj['extras']['having_druid'],
|
||||||
)
|
)
|
||||||
self.assertEqual('(value3 in (\'North America\'))', query_obj['extras']['where'])
|
self.assertEqual("(value3 in ('North America'))", query_obj['extras']['where'])
|
||||||
self.assertEqual('(SUM(value1) > 5)', query_obj['extras']['having'])
|
self.assertEqual('(SUM(value1) > 5)', query_obj['extras']['having'])
|
||||||
|
|
||||||
def test_adhoc_filters_overwrite_legacy_filters(self):
|
def test_adhoc_filters_overwrite_legacy_filters(self):
|
||||||
|
@ -295,7 +295,7 @@ class TableVizTestCase(SupersetTestCase):
|
||||||
{
|
{
|
||||||
'expressionType': 'SQL',
|
'expressionType': 'SQL',
|
||||||
'clause': 'WHERE',
|
'clause': 'WHERE',
|
||||||
'sqlExpression': 'value3 in (\'North America\')',
|
'sqlExpression': "value3 in ('North America')",
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
'having': 'SUM(value1) > 5',
|
'having': 'SUM(value1) > 5',
|
||||||
|
@ -311,7 +311,7 @@ class TableVizTestCase(SupersetTestCase):
|
||||||
[],
|
[],
|
||||||
query_obj['extras']['having_druid'],
|
query_obj['extras']['having_druid'],
|
||||||
)
|
)
|
||||||
self.assertEqual('(value3 in (\'North America\'))', query_obj['extras']['where'])
|
self.assertEqual("(value3 in ('North America'))", query_obj['extras']['where'])
|
||||||
self.assertEqual('', query_obj['extras']['having'])
|
self.assertEqual('', query_obj['extras']['having'])
|
||||||
|
|
||||||
@patch('superset.viz.BaseViz.query_obj')
|
@patch('superset.viz.BaseViz.query_obj')
|
||||||
|
|
Loading…
Reference in New Issue