From 7f7210612ca84620ff70d0671976720f8d1ca35c Mon Sep 17 00:00:00 2001 From: "Peter A. Jonsson" Date: Thu, 16 Nov 2023 07:46:06 +0100 Subject: [PATCH 1/2] setup.py: bump flask version Update flask to 2.2.5 to fix CVE-2023-30861 and restrict Werkzeug to <3 to fix: ImportError: cannot import name 'url_quote' from 'werkzeug.urls' (/usr/local/lib/python3.8/dist-packages/werkzeug/urls.py) in the integration tests. --- setup.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 6cbb4e3ea..0b5953a44 100755 --- a/setup.py +++ b/setup.py @@ -74,7 +74,7 @@ "datacube>=1.8.10", "eodatasets3>=0.25.0", "fiona", - "flask==2.1.3", + "flask==2.2.5", "Flask-Caching", "flask-cors", "flask-themer>=1.4.3", @@ -93,6 +93,7 @@ "sqlalchemy>=1.4", "structlog>=20.2.0", "pytz", + "werkzeug<3", ], tests_require=tests_require, extras_require=extras_require, From ff1e382973550559216f1a5782fad4b375b11ba8 Mon Sep 17 00:00:00 2001 From: "Peter A. Jonsson" Date: Thu, 16 Nov 2023 08:13:07 +0100 Subject: [PATCH 2/2] Dockerfile: leave test-files in /code Commit f3853520 removed the content of /code which is great for deployment images, but breaks the integration tests. Only remove .git* instead, since that is the bulk of the size of the /code directory. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2bf4f4e56..049b91a10 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ WORKDIR $APPDIR # want to delete the stuff in the /code folder to keep it simple. RUN if [ "$ENVIRONMENT" = "deployment" ] ; then\ pip install .[$ENVIRONMENT]; \ - rm -rf /code/* /code/.??* ; \ + rm -rf /code/* /code/.git* ; \ else \ pip install --editable .[$ENVIRONMENT]; \ fi