diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 5b347773..fdb427e3 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -25,9 +25,8 @@ jobs: tarantool: - '1.10' - '2.8' - - '2.x-latest' + - '2.10' python: - - '3.5' - '3.6' - '3.7' - '3.8' @@ -53,40 +52,29 @@ jobs: msgpack-deps: 'msgpack==0.6.2' - tarantool: '2.8' python: '3.10' - msgpack-deps: 'msgpack==1.0.0' + msgpack-deps: 'msgpack==1.0.4' steps: - name: Clone the connector uses: actions/checkout@v2 - name: Install tarantool ${{ matrix.tarantool }} - if: matrix.tarantool != '2.x-latest' uses: tarantool/setup-tarantool@v1 with: tarantool-version: ${{ matrix.tarantool }} - - name: Install latest tarantool 2.x - if: matrix.tarantool == '2.x-latest' - run: | - curl -L https://tarantool.io/pre-release/2/installer.sh | sudo bash - sudo apt install -y tarantool tarantool-dev - - name: Setup Python for tests uses: actions/setup-python@v2 with: python-version: ${{ matrix.python }} - name: Install specific version of msgpack package - if: startsWith(matrix.msgpack-deps, 'msgpack==') == true - run: | - pip install ${{ matrix.msgpack-deps }} - - - name: Install specific version of msgpack-python package - # msgpack package is a replacement for deprecated msgpack-python. - # To test compatibility with msgpack-python we must ignore - # requirements.txt install of msgpack package by overwriting it - # with sed. - if: startsWith(matrix.msgpack-deps, 'msgpack-python==') == true + # We want to enforce using modern msgpack since it has + # various vulnerability fixes. But the code is compatible + # with older msgpack versions and msgpack-python package. + # To this test compatibility we must ignore requirements.txt + # install of the newer msgpack package by overwriting it with sed. + if: matrix.msgpack-deps != '' run: | pip install ${{ matrix.msgpack-deps }} sed -i -e "s/^msgpack.*$/${{ matrix.msgpack-deps }}/" requirements.txt @@ -122,10 +110,7 @@ jobs: - '1.10.11-0-gf0b0e7ecf-r470' - '2.8.3-21-g7d35cd2be-r470' - '2.10.0-1-gfa775b383-r486-linux-x86_64' - python: ['3.5', '3.6', '3.7', '3.8', '3.9', '3.10'] - msgpack-deps: - # latest msgpack will be installed as a part of requirements.txt - - '' + python: ['3.6', '3.7', '3.8', '3.9', '3.10'] steps: - name: Clone the connector @@ -150,21 +135,6 @@ jobs: with: python-version: ${{ matrix.python }} - - name: Install specific version of msgpack package - if: startsWith(matrix.msgpack-deps, 'msgpack==') == true - run: | - pip install ${{ matrix.msgpack-deps }} - - - name: Install specific version of msgpack-python package - # msgpack package is a replacement for deprecated msgpack-python. - # To test compatibility with msgpack-python we must ignore - # requirements.txt install of msgpack package by overwriting it - # with sed. - if: startsWith(matrix.msgpack-deps, 'msgpack-python==') == true - run: | - pip install ${{ matrix.msgpack-deps }} - sed -i -e "s/^msgpack.*$/${{ matrix.msgpack-deps }}/" requirements.txt - - name: Install package requirements run: pip install -r requirements.txt @@ -196,6 +166,7 @@ jobs: tarantool: - '1.10' - '2.8' + - '2.10.0.g0a5ce0b9c-1' python: - '3.10' @@ -219,12 +190,20 @@ jobs: with: distribution: Ubuntu-20.04 - - name: Install tarantool ${{ matrix.tarantool }} for WSL + - name: Install tarantool ${{ matrix.tarantool }} for WSL (2.8 and older) + if: (matrix.tarantool == '1.10') || (matrix.tarantool == '2.8') shell: wsl-bash_Ubuntu-20.04 {0} run: | curl -L https://tarantool.io/installer.sh | VER=${{ matrix.tarantool }} bash -s -- --type "release" sudo apt install -y tarantool tarantool-dev + - name: Install tarantool ${{ matrix.tarantool }} for WSL (2.10 and newer) + if: (matrix.tarantool != '1.10') && (matrix.tarantool != '2.8') + shell: wsl-bash_Ubuntu-20.04 {0} + run: | + curl -L https://tarantool.io/release/2/installer.sh | bash -s + sudo apt install -y tarantool=${{ matrix.tarantool }} tarantool-dev=${{ matrix.tarantool }} + - name: Setup test tarantool instance shell: wsl-bash_Ubuntu-20.04 {0} run: | diff --git a/CHANGELOG.md b/CHANGELOG.md index ad8892e5..c09eea66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added ### Changed +- Bump msgpack requirement to 1.0.4 (PR #223). + The only reason of this bump is various vulnerability fixes, + msgpack>=0.4.0 and msgpack-python==0.4.0 are still supported. ### Fixed diff --git a/requirements-test.txt b/requirements-test.txt index 5a825685..7cc39625 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,4 +1,2 @@ dbapi-compliance==1.15.0 -# Use this pyyaml version to be compatible with Python34-x64 on Windows. -# See for more details http://help.appveyor.com/discussions/problems/28023. -pyyaml==5.2b1 +pyyaml==6.0 diff --git a/requirements.txt b/requirements.txt index 14261dfd..46dff380 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -msgpack>=0.4.0 +msgpack>=1.0.4 diff --git a/setup.py b/setup.py index c57573d5..7d84f4fd 100755 --- a/setup.py +++ b/setup.py @@ -83,7 +83,7 @@ def find_version(*file_paths): cmdclass=cmdclass, command_options=command_options, install_requires=[ - 'msgpack>=0.4.0', + 'msgpack>=1.0.4', ], python_requires='>=3', )