From c53685798d9e2d59c633b406644bcdd4ae7a795d Mon Sep 17 00:00:00 2001 From: Kairo de Araujo Date: Thu, 23 Feb 2023 09:42:35 +0100 Subject: [PATCH] remove the pinned starlette version It removes the pinned starlette dependency version This pinned version was applied as a workaround for issue #183 The startelle version is updated to the latest version, which fixes a security issue https://github.com/advisories/GHSA-74m5-2c7w-9w3x The solution requires to install the new `httpx` development dependency to support the unit tests using the FastAPI TestClient as described in this link: https://fastapi.tiangolo.com/tutorial/testing/ A workaround needs to be applied to the tests which uses `DELETE` method. Signed-off-by: Kairo de Araujo --- Pipfile | 2 +- Pipfile.lock | 202 +++++++++++++++++++------------ requirements-dev.txt | 25 ++-- requirements.txt | 6 +- tests/unit/api/test_bootstrap.py | 13 +- tests/unit/api/test_targets.py | 36 +++++- tests/unit/test_app.py | 4 +- 7 files changed, 181 insertions(+), 107 deletions(-) diff --git a/Pipfile b/Pipfile index fe7b6945..dea23ed7 100644 --- a/Pipfile +++ b/Pipfile @@ -14,7 +14,6 @@ python-jose = "*" sqlalchemy = "*" redis = "*" bcrypt = "*" -starlette = "==0.20.4" [dev-packages] black = "*" @@ -40,6 +39,7 @@ mistune = "==0.8.4" myst-parser = "*" pre-commit = "*" bandit = "*" +httpx = "*" [requires] python_version = "3.10" diff --git a/Pipfile.lock b/Pipfile.lock index 74f04eea..07d8dc0d 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "255e248594a4508591ee52218c927217bdbb818f5a372654d173685a9c3e88aa" + "sha256": "7806a372cdcab0ffcd7f901ad9cf907793d4107367f4b7dbfdb4ff70525132e2" }, "pipfile-spec": 6, "requires": { @@ -139,11 +139,11 @@ }, "fastapi": { "hashes": [ - "sha256:1020d7ca205d8b95813881fb3282e9c3656e47993531af3aa4ae11065b61dd2c", - "sha256:cdcaff84ecf7ae939b9579f0c98b0a0989ee3dd855710a32bc985260d92612f6" + "sha256:023a0f5bd2c8b2609014d3bba1e14a1d7df96c6abea0a73070621c9862b9a4de", + "sha256:ae7b97c778e2f2ec3fb3cb4fb14162129411d99907fb71920f6d69a524340ebf" ], "index": "pypi", - "version": "==0.86.0" + "version": "==0.92.0" }, "greenlet": { "hashes": [ @@ -237,11 +237,11 @@ }, "prompt-toolkit": { "hashes": [ - "sha256:3e163f254bef5a03b146397d7c1963bd3e2812f0964bb9a24e6ec761fd28db63", - "sha256:aa64ad242a462c5ff0363a7b9cfe696c20d55d9fc60c11fd8e632d064804d305" + "sha256:6a2948ec427dfcc7c983027b1044b355db6aaa8be374f54ad2015471f7d81c5b", + "sha256:d5d73d4b5eb1a92ba884a88962b157f49b71e06c4348b417dd622b25cdd3800b" ], - "markers": "python_full_version >= '3.6.2'", - "version": "==3.0.36" + "markers": "python_full_version >= '3.7.0'", + "version": "==3.0.37" }, "pyasn1": { "hashes": [ @@ -406,11 +406,11 @@ }, "starlette": { "hashes": [ - "sha256:42fcf3122f998fefce3e2c5ad7e5edbf0f02cf685d646a83a08d404726af5084", - "sha256:c0414d5a56297d37f3db96a84034d61ce29889b9eaccf65eb98a0b39441fcaa3" + "sha256:774f1df1983fd594b9b6fb3ded39c2aa1979d10ac45caac0f4255cbe2acb8628", + "sha256:854c71e73736c429c2bdb07801f2c76c9cba497e7c3cf4988fde5e95fe4cdb3c" ], - "index": "pypi", - "version": "==0.20.4" + "markers": "python_version >= '3.7'", + "version": "==0.25.0" }, "typing-extensions": { "hashes": [ @@ -453,6 +453,14 @@ "markers": "python_version >= '3.6'", "version": "==0.7.13" }, + "anyio": { + "hashes": [ + "sha256:25ea0d673ae30af41a0c442f81cf3b38c7e79fdc7b60335a4c14e05eb0947421", + "sha256:fbbe32bd270d2a2ef3ed1c5d45041250284e31fc0a4df4a5a6071842051a51e3" + ], + "markers": "python_full_version >= '3.6.2'", + "version": "==3.6.2" + }, "attrs": { "hashes": [ "sha256:29e95c7f6778868dbd49170f98f8818f78f3dc5e0e37c0b1f474e3561b240836", @@ -721,60 +729,60 @@ }, "coverage": { "hashes": [ - "sha256:04481245ef966fbd24ae9b9e537ce899ae584d521dfbe78f89cad003c38ca2ab", - "sha256:0c45948f613d5d18c9ec5eaa203ce06a653334cf1bd47c783a12d0dd4fd9c851", - "sha256:10188fe543560ec4874f974b5305cd1a8bdcfa885ee00ea3a03733464c4ca265", - "sha256:218fe982371ac7387304153ecd51205f14e9d731b34fb0568181abaf7b443ba0", - "sha256:29571503c37f2ef2138a306d23e7270687c0efb9cab4bd8038d609b5c2393a3a", - "sha256:2a60d6513781e87047c3e630b33b4d1e89f39836dac6e069ffee28c4786715f5", - "sha256:2bf1d5f2084c3932b56b962a683074a3692bce7cabd3aa023c987a2a8e7612f6", - "sha256:3164d31078fa9efe406e198aecd2a02d32a62fecbdef74f76dad6a46c7e48311", - "sha256:32df215215f3af2c1617a55dbdfb403b772d463d54d219985ac7cd3bf124cada", - "sha256:33d1ae9d4079e05ac4cc1ef9e20c648f5afabf1a92adfaf2ccf509c50b85717f", - "sha256:33ff26d0f6cc3ca8de13d14fde1ff8efe1456b53e3f0273e63cc8b3c84a063d8", - "sha256:38da2db80cc505a611938d8624801158e409928b136c8916cd2e203970dde4dc", - "sha256:3b155caf3760408d1cb903b21e6a97ad4e2bdad43cbc265e3ce0afb8e0057e73", - "sha256:3b946bbcd5a8231383450b195cfb58cb01cbe7f8949f5758566b881df4b33baf", - "sha256:3baf5f126f30781b5e93dbefcc8271cb2491647f8283f20ac54d12161dff080e", - "sha256:4b14d5e09c656de5038a3f9bfe5228f53439282abcab87317c9f7f1acb280352", - "sha256:51b236e764840a6df0661b67e50697aaa0e7d4124ca95e5058fa3d7cbc240b7c", - "sha256:63ffd21aa133ff48c4dff7adcc46b7ec8b565491bfc371212122dd999812ea1c", - "sha256:6a43c7823cd7427b4ed763aa7fb63901ca8288591323b58c9cd6ec31ad910f3c", - "sha256:755e89e32376c850f826c425ece2c35a4fc266c081490eb0a841e7c1cb0d3bda", - "sha256:7a726d742816cb3a8973c8c9a97539c734b3a309345236cd533c4883dda05b8d", - "sha256:7c7c0d0827e853315c9bbd43c1162c006dd808dbbe297db7ae66cd17b07830f0", - "sha256:7ed681b0f8e8bcbbffa58ba26fcf5dbc8f79e7997595bf071ed5430d8c08d6f3", - "sha256:7ee5c9bb51695f80878faaa5598040dd6c9e172ddcf490382e8aedb8ec3fec8d", - "sha256:8361be1c2c073919500b6601220a6f2f98ea0b6d2fec5014c1d9cfa23dd07038", - "sha256:8ae125d1134bf236acba8b83e74c603d1b30e207266121e76484562bc816344c", - "sha256:9817733f0d3ea91bea80de0f79ef971ae94f81ca52f9b66500c6a2fea8e4b4f8", - "sha256:98b85dd86514d889a2e3dd22ab3c18c9d0019e696478391d86708b805f4ea0fa", - "sha256:9ccb092c9ede70b2517a57382a601619d20981f56f440eae7e4d7eaafd1d1d09", - "sha256:9d58885215094ab4a86a6aef044e42994a2bd76a446dc59b352622655ba6621b", - "sha256:b643cb30821e7570c0aaf54feaf0bfb630b79059f85741843e9dc23f33aaca2c", - "sha256:bc7c85a150501286f8b56bd8ed3aa4093f4b88fb68c0843d21ff9656f0009d6a", - "sha256:beeb129cacea34490ffd4d6153af70509aa3cda20fdda2ea1a2be870dfec8d52", - "sha256:c31b75ae466c053a98bf26843563b3b3517b8f37da4d47b1c582fdc703112bc3", - "sha256:c4e4881fa9e9667afcc742f0c244d9364d197490fbc91d12ac3b5de0bf2df146", - "sha256:c5b15ed7644ae4bee0ecf74fee95808dcc34ba6ace87e8dfbf5cb0dc20eab45a", - "sha256:d12d076582507ea460ea2a89a8c85cb558f83406c8a41dd641d7be9a32e1274f", - "sha256:d248cd4a92065a4d4543b8331660121b31c4148dd00a691bfb7a5cdc7483cfa4", - "sha256:d47dd659a4ee952e90dc56c97d78132573dc5c7b09d61b416a9deef4ebe01a0c", - "sha256:d4a5a5879a939cb84959d86869132b00176197ca561c664fc21478c1eee60d75", - "sha256:da9b41d4539eefd408c46725fb76ecba3a50a3367cafb7dea5f250d0653c1040", - "sha256:db61a79c07331e88b9a9974815c075fbd812bc9dbc4dc44b366b5368a2936063", - "sha256:ddb726cb861c3117a553f940372a495fe1078249ff5f8a5478c0576c7be12050", - "sha256:ded59300d6330be27bc6cf0b74b89ada58069ced87c48eaf9344e5e84b0072f7", - "sha256:e2617759031dae1bf183c16cef8fcfb3de7617f394c813fa5e8e46e9b82d4222", - "sha256:e5cdbb5cafcedea04924568d990e20ce7f1945a1dd54b560f879ee2d57226912", - "sha256:ec8e767f13be637d056f7e07e61d089e555f719b387a7070154ad80a0ff31801", - "sha256:ef382417db92ba23dfb5864a3fc9be27ea4894e86620d342a116b243ade5d35d", - "sha256:f2cba5c6db29ce991029b5e4ac51eb36774458f0a3b8d3137241b32d1bb91f06", - "sha256:f5b4198d85a3755d27e64c52f8c95d6333119e49fd001ae5798dac872c95e0f8", - "sha256:ffeeb38ee4a80a30a6877c5c4c359e5498eec095878f1581453202bfacc8fbc2" + "sha256:049806ae2df69468c130f04f0fab4212c46b34ba5590296281423bb1ae379df2", + "sha256:08e3dd256b8d3e07bb230896c8c96ec6c5dffbe5a133ba21f8be82b275b900e8", + "sha256:0f03c229f1453b936916f68a47b3dfb5e84e7ad48e160488168a5e35115320c8", + "sha256:171dd3aa71a49274a7e4fc26f5bc167bfae5a4421a668bc074e21a0522a0af4b", + "sha256:1856a8c4aa77eb7ca0d42c996d0ca395ecafae658c1432b9da4528c429f2575c", + "sha256:28563a35ef4a82b5bc5160a01853ce62b9fceee00760e583ffc8acf9e3413753", + "sha256:2c15bd09fd5009f3a79c8b3682b52973df29761030b692043f9834fc780947c4", + "sha256:2c9fffbc39dc4a6277e1525cab06c161d11ee3995bbc97543dc74fcec33e045b", + "sha256:2d7daf3da9c7e0ed742b3e6b4de6cc464552e787b8a6449d16517b31bbdaddf5", + "sha256:32e6a730fd18b2556716039ab93278ccebbefa1af81e6aa0c8dba888cf659e6e", + "sha256:34d7211be69b215ad92298a962b2cd5a4ef4b17c7871d85e15d3d1b6dc8d8c96", + "sha256:358d3bce1468f298b19a3e35183bdb13c06cdda029643537a0cc37e55e74e8f1", + "sha256:3713a8ec18781fda408f0e853bf8c85963e2d3327c99a82a22e5c91baffcb934", + "sha256:40785553d68c61e61100262b73f665024fd2bb3c6f0f8e2cd5b13e10e4df027b", + "sha256:4655ecd813f4ba44857af3e9cffd133ab409774e9d2a7d8fdaf4fdfd2941b789", + "sha256:465ea431c3b78a87e32d7d9ea6d081a1003c43a442982375cf2c247a19971961", + "sha256:4b8fd32f85b256fc096deeb4872aeb8137474da0c0351236f93cbedc359353d6", + "sha256:4c1153a6156715db9d6ae8283480ae67fb67452aa693a56d7dae9ffe8f7a80da", + "sha256:577a8bc40c01ad88bb9ab1b3a1814f2f860ff5c5099827da2a3cafc5522dadea", + "sha256:59a427f8a005aa7254074719441acb25ac2c2f60c1f1026d43f846d4254c1c2f", + "sha256:5e29a64e9586194ea271048bc80c83cdd4587830110d1e07b109e6ff435e5dbc", + "sha256:74cd60fa00f46f28bd40048d6ca26bd58e9bee61d2b0eb4ec18cea13493c003f", + "sha256:7efa21611ffc91156e6f053997285c6fe88cfef3fb7533692d0692d2cb30c846", + "sha256:7f992b32286c86c38f07a8b5c3fc88384199e82434040a729ec06b067ee0d52c", + "sha256:875b03d92ac939fbfa8ae74a35b2c468fc4f070f613d5b1692f9980099a3a210", + "sha256:88ae5929f0ef668b582fd7cad09b5e7277f50f912183cf969b36e82a1c26e49a", + "sha256:8d5302eb84c61e758c9d68b8a2f93a398b272073a046d07da83d77b0edc8d76b", + "sha256:90e7a4cbbb7b1916937d380beb1315b12957b8e895d7d9fb032e2038ac367525", + "sha256:9240a0335365c29c968131bdf624bb25a8a653a9c0d8c5dbfcabf80b59c1973c", + "sha256:932048364ff9c39030c6ba360c31bf4500036d4e15c02a2afc5a76e7623140d4", + "sha256:93db11da6e728587e943dff8ae1b739002311f035831b6ecdb15e308224a4247", + "sha256:971b49dbf713044c3e5f6451b39f65615d4d1c1d9a19948fa0f41b0245a98765", + "sha256:9cc9c41aa5af16d845b53287051340c363dd03b7ef408e45eec3af52be77810d", + "sha256:9dbb21561b0e04acabe62d2c274f02df0d715e8769485353ddf3cf84727e31ce", + "sha256:a6ceeab5fca62bca072eba6865a12d881f281c74231d2990f8a398226e1a5d96", + "sha256:ad12c74c6ce53a027f5a5ecbac9be20758a41c85425c1bbab7078441794b04ee", + "sha256:b09dd7bef59448c66e6b490cc3f3c25c14bc85d4e3c193b81a6204be8dd355de", + "sha256:bd67df6b48db18c10790635060858e2ea4109601e84a1e9bfdd92e898dc7dc79", + "sha256:bf9e02bc3dee792b9d145af30db8686f328e781bd212fdef499db5e9e4dd8377", + "sha256:bfa065307667f1c6e1f4c3e13f415b0925e34e56441f5fda2c84110a4a1d8bda", + "sha256:c160e34e388277f10c50dc2c7b5e78abe6d07357d9fe7fcb2f3c156713fd647e", + "sha256:c243b25051440386179591a8d5a5caff4484f92c980fb6e061b9559da7cc3f64", + "sha256:c3c4beddee01c8125a75cde3b71be273995e2e9ec08fbc260dd206b46bb99969", + "sha256:cd38140b56538855d3d5722c6d1b752b35237e7ea3f360047ce57f3fade82d98", + "sha256:d7f2a7df523791e6a63b40360afa6792a11869651307031160dc10802df9a252", + "sha256:da32526326e8da0effb452dc32a21ffad282c485a85a02aeff2393156f69c1c3", + "sha256:dc4f9a89c82faf6254d646180b2e3aa4daf5ff75bdb2c296b9f6a6cf547e26a7", + "sha256:f0557289260125a6c453ad5673ba79e5b6841d9a20c9e101f758bfbedf928a77", + "sha256:f332d61fbff353e2ef0f3130a166f499c3fad3a196e7f7ae72076d41a6bfb259", + "sha256:f3ff4205aff999164834792a3949f82435bc7c7655c849226d5836c3242d7451", + "sha256:ffa637a2d5883298449a5434b699b22ef98dd8e2ef8a1d9e60fa9cfe79813411" ], "index": "pypi", - "version": "==7.1.0" + "version": "==7.2.0" }, "cryptography": { "hashes": [ @@ -860,6 +868,30 @@ "markers": "python_version >= '3.7'", "version": "==3.1.31" }, + "h11": { + "hashes": [ + "sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d", + "sha256:e3fe4ac4b851c468cc8363d500db52c2ead036020723024a109d37346efaa761" + ], + "markers": "python_version >= '3.7'", + "version": "==0.14.0" + }, + "httpcore": { + "hashes": [ + "sha256:c5d6f04e2fc530f39e0c077e6a30caa53f1451096120f1f38b954afd0b17c0cb", + "sha256:da1fb708784a938aa084bde4feb8317056c55037247c787bd7e19eb2c2949dc0" + ], + "markers": "python_version >= '3.7'", + "version": "==0.16.3" + }, + "httpx": { + "hashes": [ + "sha256:9818458eb565bb54898ccb9b8b251a28785dd4a55afbc23d0eb410754fe7d0f9", + "sha256:a211fcce9b1254ea24f0cd6af9869b3d29aba40154e947d2a07bb499b3e310d6" + ], + "index": "pypi", + "version": "==0.23.3" + }, "identify": { "hashes": [ "sha256:89e144fa560cc4cffb6ef2ab5e9fb18ed9f9b3cb054384bab4b95c12f6c309fe", @@ -924,11 +956,11 @@ }, "markdown-it-py": { "hashes": [ - "sha256:93de681e5c021a432c63147656fe21790bc01231e0cd2da73626f1aa3ac0fe27", - "sha256:cf7e59fed14b5ae17c0006eff14a2d9a00ed5f3a846148153899a0224e2c07da" + "sha256:5a35f8d1870171d9acc47b99612dc146129b631baf04970128b568f190d0cc30", + "sha256:7c9a5e412688bc771c67432cbfebcdd686c93ce6484913dccf06cb5a0bea35a1" ], "markers": "python_version >= '3.7'", - "version": "==2.1.0" + "version": "==2.2.0" }, "markupsafe": { "hashes": [ @@ -1084,11 +1116,11 @@ }, "pre-commit": { "hashes": [ - "sha256:9e3255edb0c9e7fe9b4f328cb3dc86069f8fdc38026f1bf521018a05eaf4d67b", - "sha256:bc4687478d55578c4ac37272fe96df66f73d9b5cf81be6f28627d4e712e752d5" + "sha256:61bd9f1b96d3d1e763f2a9a0f8522aed341646800642ff6803c73fac5781f5b7", + "sha256:7001dfcd174540658822b1fd3630ceadf4f41375a5d1844b5c3b3830f227348c" ], "index": "pypi", - "version": "==3.0.4" + "version": "==3.1.0" }, "pretend": { "hashes": [ @@ -1239,13 +1271,23 @@ "markers": "python_version >= '3.7' and python_version < '4'", "version": "==2.28.2" }, + "rfc3986": { + "extras": [ + "idna2008" + ], + "hashes": [ + "sha256:270aaf10d87d0d4e095063c65bf3ddbc6ee3d0b226328ce21e036f946e421835", + "sha256:a86d6e1f5b1dc238b218b012df0aa79409667bb209e58da56d0b94704e712a97" + ], + "version": "==1.5.0" + }, "setuptools": { "hashes": [ - "sha256:9d3de8591bd6f6522594406fa46a6418eabd0562dacb267f8556675762801514", - "sha256:ed4e75fafe103c79b692f217158ba87edf38d31004b9dbc1913debb48793c828" + "sha256:e5fd0a713141a4a105412233c63dc4e17ba0090c8e8334594ac790ec97792330", + "sha256:f106dee1b506dee5102cc3f3e9e68137bbad6d47b616be7991714b0c62204251" ], "markers": "python_version >= '3.7'", - "version": "==67.3.3" + "version": "==67.4.0" }, "six": { "hashes": [ @@ -1263,6 +1305,14 @@ "markers": "python_version >= '3.6'", "version": "==5.0.0" }, + "sniffio": { + "hashes": [ + "sha256:e60305c5e5d314f5389259b7f22aaa33d8f7dee49763119234af3755c55b9101", + "sha256:eecefdce1e5bbfb7ad2eeaabf7c1eeb404d7757c379bd1f7e5cce9d8bf425384" + ], + "markers": "python_version >= '3.7'", + "version": "==1.3.0" + }, "snowballstemmer": { "hashes": [ "sha256:09b16deb8547d3412ad7b590689584cd0fe25ec8db3be37788be3810cbf19cb1", @@ -1382,11 +1432,11 @@ }, "tox": { "hashes": [ - "sha256:1081864f1a1393ffa11ebe9beaa280349020579310d217a594a4e7b6124c5425", - "sha256:f9bc83c5da8666baa2a4d4e884bbbda124fe646e4b1c0e412949cecc2b6e8f90" + "sha256:9786671d23b673ace7499c602c5746e2a225d1ecd9d9f624d0461303f40bd93b", + "sha256:e3d4a65852f029e5ba441a01824d2d839d30bb8fb071635ef9cb53952698e6bf" ], "index": "pypi", - "version": "==4.4.5" + "version": "==4.4.6" }, "typing-extensions": { "hashes": [ diff --git a/requirements-dev.txt b/requirements-dev.txt index 50143410..8570c5c3 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,5 +1,6 @@ -i https://pypi.org/simple alabaster==0.7.13 ; python_version >= '3.6' +anyio==3.6.2 ; python_full_version >= '3.6.2' attrs==22.2.0 ; python_version >= '3.6' babel==2.11.0 ; python_version >= '3.6' bandit==1.7.4 @@ -12,7 +13,7 @@ chardet==5.1.0 ; python_version >= '3.7' charset-normalizer==3.0.1 ; python_full_version >= '3.6.0' click==8.1.3 ; python_version >= '3.7' colorama==0.4.6 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6' -coverage==7.1.0 +coverage==7.2.0 cryptography==39.0.1 distlib==0.3.6 docutils==0.18.1 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' @@ -21,6 +22,9 @@ filelock==3.9.0 ; python_version >= '3.7' flake8==6.0.0 gitdb==4.0.10 ; python_version >= '3.7' gitpython==3.1.31 ; python_version >= '3.7' +h11==0.14.0 ; python_version >= '3.7' +httpcore==0.16.3 ; python_version >= '3.7' +httpx==0.23.3 identify==2.5.18 ; python_version >= '3.7' idna==3.4 ; python_version >= '3.5' imagesize==1.4.1 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' @@ -29,7 +33,7 @@ isort==5.12.0 jinja2==3.1.2 ; python_version >= '3.7' jsonschema==4.17.3 ; python_version >= '3.7' m2r==0.3.1 -markdown-it-py==2.1.0 ; python_version >= '3.7' +markdown-it-py==2.2.0 ; python_version >= '3.7' markupsafe==2.1.2 ; python_version >= '3.7' mccabe==0.7.0 ; python_version >= '3.6' mdit-py-plugins==0.3.4 ; python_version >= '3.7' @@ -43,7 +47,7 @@ pathspec==0.11.0 ; python_version >= '3.7' pbr==5.11.1 ; python_version >= '2.6' platformdirs==3.0.0 ; python_version >= '3.7' pluggy==1.0.0 ; python_version >= '3.6' -pre-commit==3.0.4 +pre-commit==3.1.0 pretend==1.0.9 pycodestyle==2.10.0 ; python_version >= '3.6' pycparser==2.21 @@ -55,9 +59,11 @@ pytest==7.2.1 pytz==2022.7.1 pyyaml==6.0 ; python_version >= '3.6' requests==2.28.2 ; python_version >= '3.7' and python_version < '4' -setuptools==67.3.3 ; python_version >= '3.7' +rfc3986[idna2008]==1.5.0 +setuptools==67.4.0 ; python_version >= '3.7' six==1.16.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' smmap==5.0.0 ; python_version >= '3.6' +sniffio==1.3.0 ; python_version >= '3.7' snowballstemmer==2.2.0 sphinx==5.3.0 sphinx-rtd-theme==1.2.0 @@ -73,13 +79,12 @@ sphinxcontrib-qthelp==1.0.3 sphinxcontrib-serializinghtml==1.1.5 stevedore==5.0.0 ; python_version >= '3.8' tomli==2.0.1 ; python_version < '3.11' -tox==4.4.5 +tox==4.4.6 typing-extensions==4.5.0 ; python_version >= '3.7' urllib3==1.26.14 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' virtualenv==20.19.0 ; python_version >= '3.7' voluptuous==0.13.1 amqp==5.1.1 ; python_version >= '3.6' -anyio==3.6.2 ; python_full_version >= '3.6.2' async-timeout==4.0.2 ; python_version >= '3.6' bcrypt==4.0.1 billiard==3.6.4.0 @@ -90,20 +95,18 @@ click-repl==0.2.0 configobj==5.0.8 dynaconf==3.1.11 ecdsa==0.18.0 ; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -fastapi==0.86.0 +fastapi==0.92.0 greenlet==2.0.2 ; platform_machine == 'aarch64' or (platform_machine == 'ppc64le' or (platform_machine == 'x86_64' or (platform_machine == 'amd64' or (platform_machine == 'AMD64' or (platform_machine == 'win32' or platform_machine == 'WIN32'))))) -h11==0.14.0 ; python_version >= '3.7' kombu==5.2.4 ; python_version >= '3.7' -prompt-toolkit==3.0.36 ; python_full_version >= '3.6.2' +prompt-toolkit==3.0.37 ; python_full_version >= '3.7.0' pyasn1==0.4.8 pydantic==1.10.5 ; python_version >= '3.7' python-jose==3.3.0 python-multipart==0.0.5 redis==4.5.1 rsa==4.9 ; python_version >= '3.6' and python_version < '4' -sniffio==1.3.0 ; python_version >= '3.7' sqlalchemy==2.0.4 -starlette==0.20.4 +starlette==0.25.0 ; python_version >= '3.7' uvicorn==0.20.0 vine==5.0.0 ; python_version >= '3.6' wcwidth==0.2.6 diff --git a/requirements.txt b/requirements.txt index d960e81d..6ab373a4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,12 +12,12 @@ click-repl==0.2.0 configobj==5.0.8 dynaconf==3.1.11 ecdsa==0.18.0 ; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -fastapi==0.86.0 +fastapi==0.92.0 greenlet==2.0.2 ; platform_machine == 'aarch64' or (platform_machine == 'ppc64le' or (platform_machine == 'x86_64' or (platform_machine == 'amd64' or (platform_machine == 'AMD64' or (platform_machine == 'win32' or platform_machine == 'WIN32'))))) h11==0.14.0 ; python_version >= '3.7' idna==3.4 ; python_version >= '3.5' kombu==5.2.4 ; python_version >= '3.7' -prompt-toolkit==3.0.36 ; python_full_version >= '3.6.2' +prompt-toolkit==3.0.37 ; python_full_version >= '3.7.0' pyasn1==0.4.8 pydantic==1.10.5 ; python_version >= '3.7' python-jose==3.3.0 @@ -28,7 +28,7 @@ rsa==4.9 ; python_version >= '3.6' and python_version < '4' six==1.16.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' sniffio==1.3.0 ; python_version >= '3.7' sqlalchemy==2.0.4 -starlette==0.20.4 +starlette==0.25.0 ; python_version >= '3.7' typing-extensions==4.5.0 ; python_version >= '3.7' uvicorn==0.20.0 vine==5.0.0 ; python_version >= '3.6' diff --git a/tests/unit/api/test_bootstrap.py b/tests/unit/api/test_bootstrap.py index 30144ede..8c060174 100644 --- a/tests/unit/api/test_bootstrap.py +++ b/tests/unit/api/test_bootstrap.py @@ -12,7 +12,6 @@ class TestGetBoostrap: def test_get_boostrap_available( self, test_client, token_headers, monkeypatch ): - url = "/api/v1/bootstrap/" mocked_check_metadata = pretend.call_recorder(lambda: False) monkeypatch.setattr( @@ -22,7 +21,7 @@ def test_get_boostrap_available( response = test_client.get(url, headers=token_headers) assert response.status_code == status.HTTP_200_OK - assert response.url == test_client.base_url + url + assert response.url == f"{test_client.base_url}{url}" assert response.json() == { "data": {"bootstrap": False}, "message": "System available for bootstrap.", @@ -32,7 +31,6 @@ def test_get_boostrap_available( def test_get_boostrap_not_available( self, test_client, monkeypatch, token_headers ): - url = "/api/v1/bootstrap/" mocked_check_metadata = pretend.call_recorder(lambda: True) @@ -43,7 +41,7 @@ def test_get_boostrap_not_available( response = test_client.get(url, headers=token_headers) assert response.status_code == status.HTTP_200_OK - assert response.url == test_client.base_url + url + assert response.url == f"{test_client.base_url}{url}" assert response.json() == { "data": {"bootstrap": True}, "message": "System LOCKED for bootstrap.", @@ -51,7 +49,6 @@ def test_get_boostrap_not_available( assert mocked_check_metadata.calls == [pretend.call()] def test_get_boostrap_invalid_token(self, test_client, monkeypatch): - url = "/api/v1/bootstrap/" mocked_check_metadata = pretend.call_recorder(lambda: False) monkeypatch.setattr( @@ -129,7 +126,7 @@ def test_post_bootstrap(self, test_client, monkeypatch, token_headers): response = test_client.post(url, json=payload, headers=token_headers) assert response.status_code == status.HTTP_202_ACCEPTED - assert response.url == test_client.base_url + url + assert response.url == f"{test_client.base_url}{url}" assert response.json() == { "message": "Bootstrap accepted.", "data": {"task_id": "123"}, @@ -153,7 +150,7 @@ def test_post_bootstrap_already_bootstrap( response = test_client.post(url, json=payload, headers=token_headers) assert response.status_code == status.HTTP_200_OK - assert response.url == test_client.base_url + url + assert response.url == f"{test_client.base_url}{url}" assert response.json() == { "detail": {"error": "System already has a Metadata."} } @@ -164,7 +161,7 @@ def test_post_bootstrap_empty_payload(self, test_client, token_headers): response = test_client.post(url, json={}, headers=token_headers) assert response.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY - assert response.url == test_client.base_url + url + assert response.url == f"{test_client.base_url}{url}" assert response.json() == { "detail": [ { diff --git a/tests/unit/api/test_targets.py b/tests/unit/api/test_targets.py index 36251486..3d899039 100644 --- a/tests/unit/api/test_targets.py +++ b/tests/unit/api/test_targets.py @@ -303,7 +303,11 @@ def test_delete(self, monkeypatch, test_client, token_headers): "repository_service_tuf_api.targets.datetime", fake_datetime ) - response = test_client.delete(url, json=payload, headers=token_headers) + # https://github.com/tiangolo/fastapi/issues/5649 + response = test_client.request( + "DELETE", url, json=payload, headers=token_headers + ) + assert response.status_code == status.HTTP_202_ACCEPTED assert response.json() == { "data": { @@ -359,7 +363,11 @@ def test_delete_publish_targets_false( "repository_service_tuf_api.targets.datetime", fake_datetime ) - response = test_client.delete(url, json=payload, headers=token_headers) + # https://github.com/tiangolo/fastapi/issues/5649 + response = test_client.request( + "DELETE", url, json=payload, headers=token_headers + ) + assert response.status_code == status.HTTP_202_ACCEPTED msg = ( "Remove Target(s) successfully submitted. " @@ -397,7 +405,11 @@ def test_delete_without_bootstrap( "repository_service_tuf_api.targets.is_bootstrap_done", lambda: False, ) - response = test_client.delete(url, json=payload, headers=token_headers) + # https://github.com/tiangolo/fastapi/issues/5649 + response = test_client.request( + "DELETE", url, json=payload, headers=token_headers + ) + assert response.status_code == status.HTTP_200_OK assert response.json() == { "detail": {"error": "System has not a Repository Metadata"} @@ -408,7 +420,11 @@ def test_delete_missing_required_field(self, test_client, token_headers): payload = {"paths": ["file-v1.0.0_i683.tar.gz", "v0.4.1/file.tar.gz"]} - response = test_client.delete(url, json=payload, headers=token_headers) + # https://github.com/tiangolo/fastapi/issues/5649 + response = test_client.request( + "DELETE", url, json=payload, headers=token_headers + ) + assert response.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY def test_delete_unauthorized_invalid_token(self, test_client): @@ -421,7 +437,11 @@ def test_delete_unauthorized_invalid_token(self, test_client): "targets": ["file-v1.0.0_i683.tar.gz", "v0.4.1/file.tar.gz"] } - response = test_client.delete(url, json=payload, headers=headers) + # https://github.com/tiangolo/fastapi/issues/5649 + response = test_client.request( + "DELETE", url, json=payload, headers=headers + ) + assert response.status_code == status.HTTP_401_UNAUTHORIZED assert response.json() == { "detail": {"error": "Failed to validate token"} @@ -444,7 +464,11 @@ def test_post_forbidden_user_incorrect_scope_token(self, test_client): "targets": ["file-v1.0.0_i683.tar.gz", "v0.4.1/file.tar.gz"] } - response = test_client.delete(url, json=payload, headers=headers) + # https://github.com/tiangolo/fastapi/issues/5649 + response = test_client.request( + "DELETE", url, json=payload, headers=headers + ) + assert response.status_code == status.HTTP_403_FORBIDDEN assert response.json() == { "detail": {"error": "scope 'delete:targets' not allowed"} diff --git a/tests/unit/test_app.py b/tests/unit/test_app.py index 542844b3..20460037 100644 --- a/tests/unit/test_app.py +++ b/tests/unit/test_app.py @@ -8,7 +8,7 @@ def test_root(test_client): response = test_client.get("/") - assert response.url == test_client.base_url + "/" + assert response.url == f"{test_client.base_url}/" assert response.status_code == status.HTTP_200_OK assert "Repository Service for TUF API" in response.text @@ -16,6 +16,6 @@ def test_root(test_client): def test_default_notfound(test_client): response = test_client.get("/invalid_url") - assert response.url == test_client.base_url + "/invalid_url" + assert response.url == f"{test_client.base_url}/invalid_url" assert response.status_code == status.HTTP_404_NOT_FOUND assert response.json() == {"detail": "Not Found"}