Remove dependency with vulnerable library py - upgrade to tox>=4.13

All existing version from the py library are affected by the following vulnerability: https://github.com/advisories/GHSA-w596-4wvx-j9j6 In order to stop using py, its reference has been removed from tobiko requirements. Besides, tox and pytest libraries versions have been upgraded for this. Change-Id: I2c61e753e55340b19ab941fd532de0cab875d51c
2024-02-29 11:01:53 +01:00 · 2024-02-29 11:01:53 +01:00 · 0bc0eeb336
commit 0bc0eeb336
parent f728814347
8 changed files with 27 additions and 25 deletions
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -16,9 +16,9 @@ packaging==20.4
 paramiko==2.9.2
 pbr==5.5.1
 psutil==5.8.0
-pytest===6.2.5
-pytest-html==3.1.1
-pytest-xdist==2.2.0
+pytest===7.2.0
+pytest-html==4.1.1
+pytest-xdist==3.5.0
 python-dateutil==2.8.0
 python-designateclient==4.4.0
 python-glanceclient==3.2.2
--- a/roles/tobiko-ensure-tox/defaults/main.yaml
+++ b/roles/tobiko-ensure-tox/defaults/main.yaml
@ -1,5 +1,5 @@
 ---

 tox_command: tox
-tox_min_version: 3.8
-tox_max_version: 4.0
+tox_min_version: 4.13
+tox_max_version: null
--- a/roles/tobiko-ensure-tox/tasks/tox.yaml
+++ b/roles/tobiko-ensure-tox/tasks/tox.yaml
@ -2,7 +2,8 @@

 - name: "ensure Tox is installed"
  command: >
-    {{ python_executable }} -m pip install --user 'tox>={{ tox_min_version }},<{{tox_max_version}}'
+    {{ python_executable }} -m pip install --user
+    'tox>={{ tox_min_version }}{% if tox_max_version is not none %},<={{ tox_max_version }}{% endif %}'
  register: install_tox
  changed_when: "'Successfully installed' in install_tox.stdout"

--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -1,6 +1,6 @@
 # Test cases requirements

 mock>=3.0.5                    # BSD
-pytest>=6.2.5                  # MIT
-pytest-html>=3.1.1             # MPL-2.0
-pytest-xdist[psutil]>=2.2.0    # MIT
+pytest>=7.2.0                  # MIT
+pytest-html>=4.1.1             # MIT
+pytest-xdist[psutil]>=3.5.0    # MIT
--- a/tobiko/tests/conftest.py
+++ b/tobiko/tests/conftest.py
@ -20,8 +20,8 @@ import re
 import subprocess

 from oslo_log import log
-from py.xml import html  # pylint: disable=no-name-in-module,import-error
 import pytest
+from pytest_metadata.plugin import metadata_key

 import tobiko

@ -42,17 +42,18 @@ def pytest_configure(config):


 def configure_metadata(config):
+    metadata = config.stash[metadata_key]
    # pylint: disable=protected-access
    from tobiko import version
-    config._metadata["Tobiko Version"] = version.release
+    metadata["Tobiko Version"] = version.release
    git_commit = subprocess.check_output(
        ['git', 'log', '-n', '1'],
        universal_newlines=True).replace('\n', '<br>')
-    config._metadata["Tobiko Git Commit"] = git_commit
+    metadata["Tobiko Git Commit"] = git_commit
    git_release = subprocess.check_output(
        ['git', 'describe', '--tags'],
        universal_newlines=True).replace('\n', '<br>')
-    config._metadata["Tobiko Git Release"] = git_release
+    metadata["Tobiko Git Release"] = git_release


 def configure_caplog(config):
@ -140,14 +141,15 @@ def configure_timeout(config):


 def pytest_html_results_table_header(cells):
-    cells.insert(2, html.th("Description"))
-    cells.insert(1, html.th("Time", class_="sortable time", col="time"))
+    cells.insert(2, '<th>Description</th>')
+    cells.insert(
+        1, '<th class="sortable time" data-column-type="time">Time</th>')
    cells.pop()


 def pytest_html_results_table_row(report, cells):
-    cells.insert(2, html.td(getattr(report, 'description', '')))
-    cells.insert(1, html.td(datetime.utcnow(), class_="col-time"))
+    cells.insert(2, f'<td>{getattr(report, "description", "")}</td>')
+    cells.insert(1, f'<td class="col-time">{datetime.utcnow()}</td>')
    cells.pop()


--- a/tools/install.py
+++ b/tools/install.py
@ -29,7 +29,7 @@ from tools import get_version  # noqa

 LOG = common.get_logger(__name__)

-TOX_VERSION = os.environ.get('TOX_VERSION') or '>=3.8.0'
+TOX_VERSION = os.environ.get('TOX_VERSION') or '>=4.13'

 TOX_CONSTRAINTS = (os.environ.get('TOX_CONSTRAINTS') or
                   f"-c{TOP_DIR}/upper-constraints.txt")
--- a/tox.ini
+++ b/tox.ini
@ -1,7 +1,7 @@
 [tox]

 envlist = bindep,linters,py3,lower-constraints,functional
-minversion = 3.8.0
+minversion = 4.13


 # --- unit test environments -------------------------------------------------
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@ -289,7 +289,6 @@ psycopg2===2.9.3
 psycopg2-binary===2.9.3
 ptyprocess===0.7.0
 purestorage===1.19.0
-py===1.11.0
 pyasn1===0.4.8
 pyasn1-modules===0.2.8
 pycadf===3.1.1
@ -331,11 +330,11 @@ pysmi===0.3.4
 pysnmp===4.4.12
 pyspnego===0.5.0
 pystache===0.6.0
-pytest===7.1.2
-pytest-forked===1.4.0
-pytest-html===3.1.1
-pytest-metadata===2.0.2
-pytest-xdist===2.5.0
+pytest===7.2.2
+pytest-forked===1.6.0
+pytest-html==4.1.1
+pytest-metadata===3.1.1
+pytest-xdist===3.5.0
 python-3parclient===4.2.12
 python-barbicanclient===5.3.0
 python-binary-memcached===0.31.1