fixes #33: PyYAML CVE fixed, using the safe FullLoader
See https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
parent
29ed7ab4ad
commit
c65c64acff
|
@ -0,0 +1,6 @@
|
|||
j2cli
|
||||
2.7.16
|
||||
3.4.9
|
||||
3.5.6
|
||||
3.6.8
|
||||
3.7.2
|
22
.travis.yml
22
.travis.yml
|
@ -4,23 +4,25 @@ language: python
|
|||
|
||||
matrix:
|
||||
include:
|
||||
- python: 2.6
|
||||
env: TOXENV=py
|
||||
- python: 2.7
|
||||
env: TOXENV=py
|
||||
env: TOXENV=py27
|
||||
- python: 3.4
|
||||
env: TOXENV=py
|
||||
env: TOXENV=py34
|
||||
- python: 3.5
|
||||
env: TOXENV=py
|
||||
env: TOXENV=py35
|
||||
- python: 3.6
|
||||
env: TOXENV=py
|
||||
env: TOXENV=py36
|
||||
- python: 3.7-dev
|
||||
env: TOXENV=py
|
||||
env: TOXENV=py37
|
||||
- python: pypy
|
||||
env: TOXENV=py
|
||||
env: TOXENV=pypy
|
||||
- python: pypy3
|
||||
env: TOXENV=py
|
||||
|
||||
env: TOXENV=pypy
|
||||
- {python: 3.6, env: TOXENV=py36-pyyaml5.1}
|
||||
- {python: 3.6, env: TOXENV=py36-pyyaml3.13}
|
||||
- {python: 3.6, env: TOXENV=py36-pyyaml3.12}
|
||||
- {python: 3.6, env: TOXENV=py36-pyyaml3.11}
|
||||
- {python: 3.6, env: TOXENV=py36-pyyaml3.10}
|
||||
install:
|
||||
- pip install tox
|
||||
cache:
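Review bot: The `pypy3` matrix entry ends up with `env: TOXENV=pypy`, the same environment as the `pypy` entry above it, and the tox.ini in this commit lists no `pypy3` environment, so this job does not appear to exercise PyPy3 at all. Because tox.ini also sets `skip_missing_interpreters=True`, an environment whose interpreter is absent can be skipped and reported as a pass rather than a failure. If PyPy3 is meant to be covered, use `env: TOXENV=pypy3` for this entry and add `pypy3` to the `envlist`.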
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
## 0.3.6 (2019-03-21)
|
||||
* Fixed support for Python 2.6
|
||||
* Dropped Python 2.6 from unit-tests
|
||||
* Fixed a warning issued by PyYAML.
|
||||
See [issue #33](https://github.com/kolypto/j2cli/issues/33)
|
||||
|
||||
## 0.3.5 (2019-01-03)
|
||||
* New option: `--undefined` that allows undefined variables
|
||||
* Fix: unicode support in environment variables
|
||||
|
|
6
Makefile
6
Makefile
|
@ -7,7 +7,7 @@ SHELL := /bin/bash
|
|||
clean:
|
||||
@rm -rf build/ dist/ *.egg-info/ README.md README.rst
|
||||
@pip install -e . # have to reinstall because we are using self
|
||||
README.md: $(shell find misc/ j2cli/)
|
||||
README.md: $(shell find j2cli/) $(wildcard misc/_doc/**)
|
||||
@python misc/_doc/README.py | python j2cli/__init__.py -f json -o $@ misc/_doc/README.md.j2
|
||||
README.rst: README.md
|
||||
@pandoc -f markdown -t rst -o README.rst README.md
|
||||
|
@ -27,7 +27,3 @@ test:
|
|||
@nosetests
|
||||
test-tox:
|
||||
@tox
|
||||
test-docker:
|
||||
@docker run --rm -it -v `pwd`:/src themattrix/tox
|
||||
test-docker-2.6: # temporary, since `themattrix/tox` has faulty 2.6
|
||||
@docker run --rm -it -v $(realpath .):/app mrupgrade/deadsnakes:2.6 bash -c 'cd /app && pip install -e . && pip install nose argparse && nosetests'
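Review bot: `$(wildcard misc/_doc/**)` in the `README.md` prerequisite list of the first hunk does not recurse; GNU make's `wildcard` treats `**` like `*`, so only entries directly under `misc/_doc/` are tracked, whereas `$(shell find misc/ j2cli/)` listed the whole tree. If anything in a subdirectory of `misc/_doc/` feeds the README, edits to it will no longer trigger a rebuild. `README.md: $(shell find j2cli/ misc/_doc/)` keeps the narrower scope and stays recursive.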
|
||||
|
|
|
@ -85,7 +85,15 @@ def _parse_yaml(data_string):
|
|||
$ j2 config.j2 data.yml
|
||||
$ cat data.yml | j2 --format=yaml config.j2
|
||||
"""
|
||||
return yaml.load(data_string)
|
||||
# Loader
|
||||
try:
|
||||
# PyYAML 5.1 supports FullLoader
|
||||
Loader = yaml.FullLoader
|
||||
except AttributeError:
|
||||
# Have to use SafeLoader for older versions
|
||||
Loader = yaml.SafeLoader
|
||||
# Done
|
||||
return yaml.load(data_string, Loader=Loader)
|
||||
|
||||
def _parse_env(data_string):
|
||||
""" Data input from environment variables.
|
||||
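Review bot: `yaml.FullLoader`, chosen in the new `try` branch of `_parse_yaml`, is not PyYAML's restricted loader. It accepts a wider set of tags than `SafeLoader`, so what a data file is allowed to construct now depends on which PyYAML version happens to be installed. The template context only needs mappings, lists and scalars, and the docstring shows data arriving on stdin, so the restricted loader fits on every version: replace the try/except with `return yaml.safe_load(data_string)`, which exists in every PyYAML release in the tox matrix. A unit test that feeds a document carrying a Python-specific tag and expects `yaml.YAMLError` would pin this behaviour. The function signature and the start of its docstring lie outside the hunk.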
|
|
|
@ -1,4 +1,3 @@
|
|||
wheel
|
||||
nose
|
||||
exdoc
|
||||
pyyaml
|
||||
|
|
12
setup.py
12
setup.py
|
@ -15,10 +15,18 @@ Inspired by [mattrobenolt/jinja2-cli](https://github.com/mattrobenolt/jinja2-cli
|
|||
"""
|
||||
|
||||
from setuptools import setup, find_packages
|
||||
import sys
|
||||
|
||||
# PyYAML 3.11 was the last to support Python 2.6
|
||||
# This code limits pyyaml version for older pythons
|
||||
pyyaml_version = 'pyyaml >= 3.10' # fresh
|
||||
if sys.version_info[:2] == (2, 6) or True:
|
||||
pyyaml_version = 'pyyaml<=3.11'
|
||||
|
||||
|
||||
setup(
|
||||
name='j2cli',
|
||||
version='0.3.5-1',
|
||||
version='0.3.6-1',
|
||||
author='Mark Vartanyan',
|
||||
author_email='kolypto@gmail.com',
|
||||
|
||||
|
@ -41,7 +49,7 @@ setup(
|
|||
'jinja2 >= 2.7.2',
|
||||
],
|
||||
extras_require={
|
||||
'yaml': ['pyyaml',]
|
||||
'yaml': [pyyaml_version,]
|
||||
},
|
||||
include_package_data=True,
|
||||
zip_safe=False,
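Review bot: The `or True` in `if sys.version_info[:2] == (2, 6) or True:` (first hunk) makes the condition always true, so `pyyaml_version` is `'pyyaml<=3.11'` on every interpreter and the `yaml` extra can never pull in a newer PyYAML. That shuts users of `j2cli[yaml]` out of later PyYAML releases and whatever fixes they carry, and it means the `FullLoader` branch added in this commit is never reached when PyYAML is installed through the extra. If the cap is meant only for Python 2.6, as the comment above it says, the line should read `if sys.version_info[:2] == (2, 6):`. The `setup(` call continues outside both hunks.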
|
||||
|
|
17
tox.ini
17
tox.ini
|
@ -1,9 +1,22 @@
|
|||
[tox]
|
||||
envlist=py{26,27,34,35,36,37},pypy
|
||||
envlist=py{27,34,35,36,37},pypy,
|
||||
py36-pyyaml5.1
|
||||
py36-pyyaml3.13
|
||||
py36-pyyaml3.12
|
||||
py36-pyyaml3.11
|
||||
py36-pyyaml3.10
|
||||
skip_missing_interpreters=True
|
||||
|
||||
[testenv]
|
||||
deps=-rrequirements-dev.txt
|
||||
deps=
|
||||
-rrequirements-dev.txt
|
||||
py{27,34,35,36},pypy: -e.[yaml]
|
||||
py37: pyyaml
|
||||
py36-pyyaml5.1: pyyaml==5.1
|
||||
py36-pyyaml3.13: pyyaml==3.13
|
||||
py36-pyyaml3.12: pyyaml==3.12
|
||||
py36-pyyaml3.11: pyyaml==3.11
|
||||
py36-pyyaml3.10: pyyaml==3.10
|
||||
commands=
|
||||
nosetests {posargs:tests/}
|
||||
whitelist_externals=make
|
||||
|
|