From 299a21691a76743fa74abbfecebfd9787ecab067 Mon Sep 17 00:00:00 2001 From: davelopez <46503462+davelopez@users.noreply.github.com> Date: Mon, 14 Jun 2021 10:42:30 +0200 Subject: [PATCH 1/2] Update fastapi to 0.65.2 and dependencies They include several security fixes. --- lib/galaxy/dependencies/dev-requirements.txt | 6 +++--- lib/galaxy/dependencies/pinned-requirements.txt | 6 +++--- pyproject.toml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/galaxy/dependencies/dev-requirements.txt b/lib/galaxy/dependencies/dev-requirements.txt index dcfcd11ca724..bd8e24ed69f4 100644 --- a/lib/galaxy/dependencies/dev-requirements.txt +++ b/lib/galaxy/dependencies/dev-requirements.txt @@ -62,7 +62,7 @@ dogpile.cache==1.1.2; python_version >= "3.6" ecdsa==0.14.1; python_version >= "2.6" and python_full_version < "3.0.0" or python_full_version >= "3.3.0" fabric3==1.14.post1 fastapi-utils==0.2.1; python_version >= "3.6" and python_version < "4.0" -fastapi==0.63.0; python_version >= "3.6" +fastapi==0.65.2; python_version >= "3.6" fluent-logger==0.10.0; python_version >= "3.5" funcsigs==1.0.2 future==0.18.2; (python_version >= "2.6" and python_full_version < "3.0.0") or (python_full_version >= "3.3.0") @@ -150,7 +150,7 @@ pyasn1-modules==0.2.8; python_version >= "2.7" and python_full_version < "3.0.0" pyasn1==0.4.8; python_version >= "3.5" and python_version < "4" pycparser==2.20; python_version >= "3.6" and python_full_version < "3.0.0" and implementation_name == "pypy" or implementation_name == "pypy" and python_version >= "3.6" and python_full_version >= "3.4.0" pycryptodome==3.10.1; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.5.0") -pydantic==1.7.3; python_version >= "3.6" and python_version < "4.0" +pydantic==1.8.2; python_version >= "3.6" and python_version < "4.0" pydot==1.4.2; python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "4" or python_version >= "3.6" and python_version < "4" and python_full_version >= "3.4.0" pyeventsystem==0.1.0 pyfaidx==0.5.9.5 @@ -228,7 +228,7 @@ sqlalchemy==1.4.18 sqlitedict==1.7.0 sqlparse==0.4.1; python_version >= "3.5" starlette-context==0.3.2; python_version >= "3.7" -starlette==0.13.6; python_version >= "3.6" +starlette==0.14.2; python_version >= "3.6" statsd==3.3.0 stevedore==3.3.0; python_version >= "3.6" svgwrite==1.4.1; python_version >= "3.6" diff --git a/lib/galaxy/dependencies/pinned-requirements.txt b/lib/galaxy/dependencies/pinned-requirements.txt index dd142fbb9980..082428347ce0 100644 --- a/lib/galaxy/dependencies/pinned-requirements.txt +++ b/lib/galaxy/dependencies/pinned-requirements.txt @@ -57,7 +57,7 @@ dogpile.cache==1.1.2; python_version >= "3.6" ecdsa==0.14.1; python_version >= "2.6" and python_full_version < "3.0.0" or python_full_version >= "3.3.0" fabric3==1.14.post1 fastapi-utils==0.2.1; python_version >= "3.6" and python_version < "4.0" -fastapi==0.63.0; python_version >= "3.6" +fastapi==0.65.2; python_version >= "3.6" funcsigs==1.0.2 future==0.18.2; (python_version >= "2.6" and python_full_version < "3.0.0") or (python_full_version >= "3.3.0") galaxy-sequence-utils==1.1.5 @@ -133,7 +133,7 @@ pyasn1-modules==0.2.8; python_version >= "2.7" and python_full_version < "3.0.0" pyasn1==0.4.8; python_version >= "3.5" and python_version < "4" pycparser==2.20; python_version >= "3.6" and python_full_version < "3.0.0" and implementation_name == "pypy" or implementation_name == "pypy" and python_version >= "3.6" and python_full_version >= "3.4.0" pycryptodome==3.10.1; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.5.0") -pydantic==1.7.3; python_version >= "3.6" and python_version < "4.0" +pydantic==1.8.2; python_version >= "3.6" and python_version < "4.0" pydot==1.4.2; python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "4" or python_version >= "3.6" and python_version < "4" and python_full_version >= "3.4.0" pyeventsystem==0.1.0 pyfaidx==0.5.9.5 @@ -184,7 +184,7 @@ sqlalchemy==1.4.18 sqlitedict==1.7.0 sqlparse==0.4.1; python_version >= "3.5" starlette-context==0.3.2; python_version >= "3.7" -starlette==0.13.6; python_version >= "3.6" +starlette==0.14.2; python_version >= "3.6" stevedore==3.3.0; python_version >= "3.6" svgwrite==1.4.1; python_version >= "3.6" tempita==0.5.2 diff --git a/pyproject.toml b/pyproject.toml index 051e5db1e5f1..e18d1211ab0f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -35,7 +35,7 @@ cwltool = "==3.0.20201109103151" dictobj = "*" docutils = "!=0.17, !=0.17.1" Fabric3 = "*" -fastapi = ">=0.63.0" +fastapi = ">=0.65.2" fastapi-utils = "*" future = "*" galaxy_sequence_utils = "*" From 6c4314a8dbf1ef45d629536f03760f4ce0d7daa9 Mon Sep 17 00:00:00 2001 From: davelopez <46503462+davelopez@users.noreply.github.com> Date: Mon, 14 Jun 2021 19:01:00 +0200 Subject: [PATCH 2/2] Force PUT request headers to JSON in API test Aparentely FastAPI no longer assumes JSON by default. --- lib/galaxy_test/api/test_datasets.py | 5 ++++- test/integration/test_tool_data_delete.py | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/galaxy_test/api/test_datasets.py b/lib/galaxy_test/api/test_datasets.py index 514b2981ab26..a69bfbfa457a 100644 --- a/lib/galaxy_test/api/test_datasets.py +++ b/lib/galaxy_test/api/test_datasets.py @@ -128,7 +128,10 @@ def test_tag_change(self): 'item_class': 'HistoryDatasetAssociation', 'item_tags': ['cool:tag_a', 'cool:tag_b', 'tag_c', 'name:tag_d', '#tag_e'], }) - put_response = self._put("tags", payload) + + # TODO remove the headers here and add json parameter to _put method + put_response = self._put("tags", data=payload, headers={'Content-Type': 'application/json'}) + self._assert_status_code_is_ok(put_response) updated_hda = self._get( f"histories/{self.history_id}/contents/{hda_id}").json() diff --git a/test/integration/test_tool_data_delete.py b/test/integration/test_tool_data_delete.py index 0b883178c482..ee0bb16a35b0 100644 --- a/test/integration/test_tool_data_delete.py +++ b/test/integration/test_tool_data_delete.py @@ -61,7 +61,10 @@ def test_admin_delete_data_table_entry(self): self.assertEquals(len(updated_fields), original_count + 1) new_field = updated_fields[-1] url = self._api_url(f"tool_data/testbeta?key={self.galaxy_interactor.api_key}") - delete_response = delete(url, data=json.dumps({"values": "\t".join(new_field)})) + + # TODO remove the headers here, use the interactor _delete method and add json parameter to it + delete_response = delete(url, data=json.dumps({"values": "\t".join(new_field)}), headers={'Content-Type': 'application/json'}) + delete_response.raise_for_status() time.sleep(2) show_response = self._get("tool_data/testbeta")