From 112598d44ee682553c2540b853f9626085b8df2c Mon Sep 17 00:00:00 2001 From: Nicolas Simonds Date: Wed, 4 Jan 2023 09:11:51 -0800 Subject: [PATCH 1/3] Remove vestigial future package from requirements This package appears to be a holdover from dropping Python 2.x support, and is no longer needed. This resolves https://nvd.nist.gov/vuln/detail/CVE-2022-40899 Also update tox.ini to work wirth modern vintages of tox. --- requirements.txt | 1 - stestr/repository/file.py | 2 +- tox.ini | 4 +++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index 26797119..55149fed 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,6 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -future pbr!=2.1.0,>=2.0.0,!=4.0.0,!=4.0.1,!=4.0.2,!=4.0.3 # Apache-2.0 cliff>=2.8.0 # Apache-2.0 python-subunit>=1.4.0 # Apache-2.0/BSD diff --git a/stestr/repository/file.py b/stestr/repository/file.py index 6ecf1ec6..581e45a6 100644 --- a/stestr/repository/file.py +++ b/stestr/repository/file.py @@ -19,7 +19,7 @@ import sys import tempfile -from future.moves.dbm import dumb as my_dbm +from dbm import dumb as my_dbm from subunit import TestProtocolClient import subunit.v2 import testtools diff --git a/tox.ini b/tox.ini index 3f04e2d1..69b42b34 100644 --- a/tox.ini +++ b/tox.ini @@ -7,7 +7,9 @@ skipsdist = True usedevelop = True install_command = pip install -U --force-reinstall {opts} {packages} setenv = VIRTUAL_ENV={envdir} -whitelist_externals = find +allowlist_externals = + find + stestr deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt commands = From 9d5a5041ff5aa80d6d78e1b7ba0ebabc04a552c8 Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Wed, 4 Jan 2023 12:44:45 -0500 Subject: [PATCH 2/3] Drop Python 3.6 support and add 3.11 support. Python 3.6 is now EoL and testing it is not tractable anymore. This commit removes support (marked via package metadata trove classifiers) and CI configuration for running with 3.6 from the project. --- .github/workflows/main.yml | 2 +- setup.cfg | 2 +- tox.ini | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d82eafb3..a2d92ac8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,7 +10,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - python-version: [3.6, 3.7, 3.8, 3.9, "3.10"] + python-version: [3.7, 3.8, 3.9, "3.10", "3.11"] os: ["macOS-latest", "ubuntu-latest", "windows-latest"] steps: - uses: actions/checkout@v2 diff --git a/setup.cfg b/setup.cfg index 53fbf876..b3b35fe8 100644 --- a/setup.cfg +++ b/setup.cfg @@ -15,11 +15,11 @@ classifier = Operating System :: OS Independent Programming Language :: Python Programming Language :: Python :: 3 - Programming Language :: Python :: 3.6 Programming Language :: Python :: 3.7 Programming Language :: Python :: 3.8 Programming Language :: Python :: 3.9 Programming Language :: Python :: 3.10 + Programming Language :: Python :: 3.11 Topic :: Software Development :: Testing Topic :: Software Development :: Quality Assurance project_urls = diff --git a/tox.ini b/tox.ini index 69b42b34..72ff9eeb 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] minversion = 1.6 -envlist = py310,py39,py38,py37,py36,pep8 +envlist = py311,py310,py39,py38,py37,pep8 skipsdist = True [testenv] From f0ab74b80a0b744c9d8b094632051afbe1c5c73e Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Wed, 4 Jan 2023 12:57:19 -0500 Subject: [PATCH 3/3] Pin tox < 4.0.0 The most recent tox release, 4.x.y, is a major rewrite of the internals of tox and several things behave quite differently. This new release is causing CI jobs to fail as something in incompatible with our tox configuration (likely because it's using wheel builds instead of sdists). This commit pins the tox version we're using in CI to unblock things until we can update the tox configuration to be compatible with the new version tox. --- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a2d92ac8..310def28 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -28,7 +28,7 @@ jobs: ${{ runner.os }}-${{ matrix.python-version }}-pip- ${{ runner.os }}-${{ matrix.python-version }} - name: Install Deps - run: python -m pip install -U tox setuptools virtualenv wheel + run: python -m pip install -U 'tox<4' setuptools virtualenv wheel - name: Install and Run Tests run: tox -e py if: runner.os != 'macOS' @@ -57,7 +57,7 @@ jobs: ${{ runner.os }}-${{ matrix.python-version }}-pip- ${{ runner.os }}-${{ matrix.python-version }}- - name: Install Deps - run: python -m pip install -U tox + run: python -m pip install -U 'tox<4' - name: Run lint run: tox -epep8 cover: @@ -79,7 +79,7 @@ jobs: ${{ runner.os }}-${{ matrix.python-version }}-pip- ${{ runner.os }}-${{ matrix.python-version }}- - name: Install Deps - run: python -m pip install -U tox + run: python -m pip install -U 'tox<4' - name: Run coverxml run: tox -ecoverxml - name: codecov @@ -111,7 +111,7 @@ jobs: ${{ runner.os }}-pip- ${{ runner.os }}- - name: Install Deps - run: python -m pip install -U tox + run: python -m pip install -U 'tox<4' - name: Build Docs run: tox -edocs - uses: actions/upload-artifact@v2