Skip to content
This repository has been archived by the owner on Sep 7, 2023. It is now read-only.

Update packages: jinja2, pyyaml #1481

Merged
merged 3 commits into from Mar 24, 2019
Merged

Update packages: jinja2, pyyaml #1481

merged 3 commits into from Mar 24, 2019

Conversation

kvch
Copy link
Member

@kvch kvch commented Jan 7, 2019

When searching using the theme "simple" the following exception shows up:

[2019-01-07 18:44:03,339] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "searx/webapp.py", line 600, in index
    favicons=global_favicons[themes.index(get_current_theme_name())]
  File "searx/webapp.py", line 397, in render
    '{}/{}'.format(kwargs['theme'], template_name), **kwargs)
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/flask/templating.py", line 133, in render_template
    return _render(ctx.app.jinja_env.get_or_select_template(template_name_or_list),
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 869, in get_or_select_template
    return self.get_template(template_name_or_list, parent, globals)
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 830, in get_template
    return self._load_template(name, self.make_globals(globals))
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 804, in _load_template
    template = self.loader.load(self, name, globals)
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/jinja2/loaders.py", line 125, in load
    code = environment.compile(source, name, filename)
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 591, in compile
    self.handle_exception(exc_info, source_hint=source_hint)
  File "/home/n/p/searx/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 780, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/home/n/p/searx/searx/templates/simple/results.html", line 9, in template
    {% if results and results|map(attribute='template')|unique|list|count == 1 %}
TemplateAssertionError: no filter named 'unique'

The missing function is part of Jinja2 2.10, but not 2.9.

Pyyaml is update because the following vulnerability has come to daylight: https://nvd.nist.gov/vuln/detail/CVE-2017-18342 The fix is based on this: yaml/pyyaml#243 (comment)

Copy link
Contributor

@dalf dalf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, also,
I would upgrade requests to 2.21.0 because the version 2.19.1 has the CVE-2018-18074 (not a concern for searx, but still).

requirements.txt fully updated :

certifi==2018.11.29
flask==1.0.2
flask-babel==0.11.2
pygments==2.1.3
pyyaml==3.13
python-dateutil==2.7.5
pyopenssl==19.0.0
lxml==4.3.0
idna==2.8
requests[socks]==2.22.0
  • certifi : never updated since a long time
  • lxml 4.3.0 : The module lxml.sax is compiled using Cython in order to speed it up.
  • pyOpenSSL 19.0.0 : now works with OpenSSL 1.1.1

(sorry for the long long delay).

@dalf dalf merged commit 252ba92 into searx:master Mar 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants