From 8094fa1e2fc793280653b0da312582fd894da2ab Mon Sep 17 00:00:00 2001 From: Wouter Deconinck Date: Mon, 25 Nov 2024 06:07:56 -0600 Subject: [PATCH] py-gradio: add v5.1.0 (and add/update dependencies) (fix CVEs) (#47504) * py-pdm-backend: add v2.4.3 * py-starlette: add v0.28.0, v0.32.0, v0.35.1, v0.36.3, v0.37.2, v0.41.2 * py-fastapi: add v0.110.2, v0.115.4 * py-pydantic-extra-types: add v2.10.0 * py-pydantic-settings: add v2.6.1 * py-python-multipart: add v0.0.17 * py-email-validator: add v2.2.0 --- .../packages/py-email-validator/package.py | 5 ++- .../builtin/packages/py-fastapi/package.py | 40 +++++++++++++++---- .../builtin/packages/py-gradio/package.py | 13 +++++- .../packages/py-pdm-backend/package.py | 1 + .../py-pydantic-extra-types/package.py | 23 +++++++++++ .../packages/py-pydantic-settings/package.py | 22 ++++++++++ .../packages/py-python-multipart/package.py | 12 +++++- .../builtin/packages/py-starlette/package.py | 6 +++ 8 files changed, 112 insertions(+), 10 deletions(-) create mode 100644 var/spack/repos/builtin/packages/py-pydantic-extra-types/package.py create mode 100644 var/spack/repos/builtin/packages/py-pydantic-settings/package.py diff --git a/var/spack/repos/builtin/packages/py-email-validator/package.py b/var/spack/repos/builtin/packages/py-email-validator/package.py index 130824d5c3fcd6..151f65c7ec91ef 100644 --- a/var/spack/repos/builtin/packages/py-email-validator/package.py +++ b/var/spack/repos/builtin/packages/py-email-validator/package.py @@ -12,10 +12,13 @@ class PyEmailValidator(PythonPackage): homepage = "https://github.com/JoshData/python-email-validator" pypi = "email_validator/email_validator-1.3.1.tar.gz" - license("CC0-1.0") + license("Unlicense", when="@2.1.1:", checked_by="wdconinc") + license("CC0-1.0", when="@:2.1.0", checked_by="wdconinc") + version("2.2.0", sha256="cb690f344c617a714f22e66ae771445a1ceb46821152df8e165c5f9a364582b7") version("1.3.1", sha256="d178c5c6fa6c6824e9b04f199cf23e79ac15756786573c190d2ad13089411ad2") depends_on("py-setuptools", type="build") + depends_on("py-dnspython@2:", type=("build", "run"), when="@2:") depends_on("py-dnspython@1.15:", type=("build", "run")) depends_on("py-idna@2:", type=("build", "run")) diff --git a/var/spack/repos/builtin/packages/py-fastapi/package.py b/var/spack/repos/builtin/packages/py-fastapi/package.py index 36e48025b34efa..359a0f81533503 100644 --- a/var/spack/repos/builtin/packages/py-fastapi/package.py +++ b/var/spack/repos/builtin/packages/py-fastapi/package.py @@ -10,34 +10,60 @@ class PyFastapi(PythonPackage): """FastAPI framework, high performance, easy to learn, fast to code, ready for production""" - homepage = "https://github.com/tiangolo/fastapi" + homepage = "https://github.com/fastapi/fastapi" pypi = "fastapi/fastapi-0.88.0.tar.gz" license("MIT") - version("0.98.0", sha256="0d3c18886f652038262b5898fec6b09f4ca92ee23e9d9b1d1d24e429f84bf27b") - version("0.88.0", sha256="915bf304180a0e7c5605ec81097b7d4cd8826ff87a02bb198e336fb9f3b5ff02") + version("0.115.4", sha256="db653475586b091cb8b2fec2ac54a680ac6a158e07406e1abae31679e8826349") + version("0.110.2", sha256="b53d673652da3b65e8cd787ad214ec0fe303cad00d2b529b86ce7db13f17518d") + with default_args(deprecated=True): + # https://nvd.nist.gov/vuln/detail/CVE-2024-24762 + version( + "0.98.0", sha256="0d3c18886f652038262b5898fec6b09f4ca92ee23e9d9b1d1d24e429f84bf27b" + ) + version( + "0.88.0", sha256="915bf304180a0e7c5605ec81097b7d4cd8826ff87a02bb198e336fb9f3b5ff02" + ) variant("all", default=False, description="Build all optional dependencies") - depends_on("py-hatchling@1.13:", when="@0.98:", type="build") - depends_on("py-hatchling", type="build") - depends_on("py-starlette@0.27", when="@0.95.2:", type=("build", "run")) + depends_on("python@3.8:", when="@0.104:", type=("build", "run")) + + depends_on("py-pdm-backend", when="@0.110.3:", type="build") + depends_on("py-hatchling@1.13:", when="@0.98:0.110.2", type="build") + depends_on("py-hatchling", when="@:0.110.2", type="build") + + depends_on("py-starlette@0.40:0.41", when="@0.115.3:", type=("build", "run")) + depends_on("py-starlette@0.37.2:0.40", when="@0.115.2", type=("build", "run")) + depends_on("py-starlette@0.37.2:0.38", when="@0.112.1:0.115.1", type=("build", "run")) + depends_on("py-starlette@0.37.2:0.37", when="@0.110.1:0.112.0", type=("build", "run")) + depends_on("py-starlette@0.36.3:0.36", when="@0.109.2:0.110.0", type=("build", "run")) + depends_on("py-starlette@0.35:0.35", when="@0.109.0:0.109.1", type=("build", "run")) + depends_on("py-starlette@0.29:0.32", when="@0.108.0:0.108", type=("build", "run")) + depends_on("py-starlette@0.28", when="@0.107.0:0.107", type=("build", "run")) + depends_on("py-starlette@0.27", when="@0.95.2:0.106", type=("build", "run")) depends_on("py-starlette@0.22.0", when="@:0.89.1", type=("build", "run")) + depends_on("py-pydantic@1.7.4:1,2.1.1:2", when="@0.101:", type=("build", "run")) depends_on("py-pydantic@1.7.4:1", when="@0.96.1:", type=("build", "run")) depends_on("py-pydantic@1.6.2:1", when="@:0.96.0", type=("build", "run")) + depends_on("py-typing-extensions@4.8.0:", when="@0.104:", type=("build", "run")) - conflicts("^py-pydantic@1.7.0:1.7.3,1.8.0:1.8.1") + conflicts("^py-pydantic@1.7.0:1.7.3,1.8.0:1.8.1,2.0,2.1.0") with when("+all"): depends_on("py-httpx@0.23:", type=("build", "run")) depends_on("py-jinja2@2.11.2:", type=("build", "run")) + depends_on("py-python-multipart@0.0.7:", when="@0.109.1:", type=("build", "run")) depends_on("py-python-multipart@0.0.5:", type=("build", "run")) depends_on("py-itsdangerous@1.1:", type=("build", "run")) depends_on("py-pyyaml@5.3.1:", type=("build", "run")) depends_on("py-ujson@4.0.1:", type=("build", "run")) depends_on("py-orjson@3.2.1:", type=("build", "run")) + depends_on("py-email-validator@2.0.0:", when="@0.100:", type=("build", "run")) depends_on("py-email-validator@1.1.1:", type=("build", "run")) depends_on("py-uvicorn@0.12:+standard", type=("build", "run")) + depends_on("py-pydantic-settings@2.0.0:", when="@0.100:", type=("build", "run")) + depends_on("py-pydantic-extra-types@2.0.0:", when="@0.100:", type=("build", "run")) conflicts("^py-ujson@4.0.2,4.1.0,4.2.0,4.3.0,5.0.0,5.1.0") diff --git a/var/spack/repos/builtin/packages/py-gradio/package.py b/var/spack/repos/builtin/packages/py-gradio/package.py index 3070071ab7ca04..720e47dbeb15d6 100644 --- a/var/spack/repos/builtin/packages/py-gradio/package.py +++ b/var/spack/repos/builtin/packages/py-gradio/package.py @@ -14,7 +14,18 @@ class PyGradio(PythonPackage): license("Apache-2.0") - version("3.36.1", sha256="1d821cee15da066c24c197248ba9aaed5f5e59505d17754561c2f96f90e73a89") + version("5.1.0", sha256="d2153668e6de2df7a01bb33f01a074fc7716ec863c40f472d8e439439ef1e153") + with default_args(deprecated=True): + # https://nvd.nist.gov/vuln/detail/CVE-2024-47871 + version( + "4.44.1", sha256="a68a52498ac6b63f8864ef84bf7866a70e7d07ebe913edf921e1d2a3708ad5ae" + ) + version( + "3.50.2", sha256="c6c81320566ba3e5688a1a58201d0729565a97b828b2bf6895e54f7bf25c01de" + ) + version( + "3.36.1", sha256="1d821cee15da066c24c197248ba9aaed5f5e59505d17754561c2f96f90e73a89" + ) depends_on("python@3.8:", type=("build", "run")) depends_on("py-hatchling", type="build") diff --git a/var/spack/repos/builtin/packages/py-pdm-backend/package.py b/var/spack/repos/builtin/packages/py-pdm-backend/package.py index c3aebb38b76f76..220e1b5a37844d 100644 --- a/var/spack/repos/builtin/packages/py-pdm-backend/package.py +++ b/var/spack/repos/builtin/packages/py-pdm-backend/package.py @@ -13,6 +13,7 @@ class PyPdmBackend(PythonPackage): license("MIT", checked_by="matz-e") + version("2.4.3", sha256="dbd9047a7ac10d11a5227e97163b617ad5d665050476ff63867d971758200728") version("2.3.0", sha256="e39ed2da206d90d4a6e9eb62f6dce54ed4fa65ddf172a7d5700960d0f8a09e09") depends_on("python@3.8:", type=("build", "run")) diff --git a/var/spack/repos/builtin/packages/py-pydantic-extra-types/package.py b/var/spack/repos/builtin/packages/py-pydantic-extra-types/package.py new file mode 100644 index 00000000000000..03636a1bd60b3d --- /dev/null +++ b/var/spack/repos/builtin/packages/py-pydantic-extra-types/package.py @@ -0,0 +1,23 @@ +# Copyright 2013-2024 Lawrence Livermore National Security, LLC and other +# Spack Project Developers. See the top-level COPYRIGHT file for details. +# +# SPDX-License-Identifier: (Apache-2.0 OR MIT) + +from spack.package import * + + +class PyPydanticExtraTypes(PythonPackage): + """A place for pydantic types that probably shouldn't + exist in the main pydantic lib.""" + + homepage = "https://github.com/pydantic/pydantic-extra-types" + pypi = "pydantic_extra_types/pydantic_extra_types-2.10.0.tar.gz" + + license("MIT", checked_by="wdconinc") + + version("2.10.0", sha256="552c47dd18fe1d00cfed75d9981162a2f3203cf7e77e55a3d3e70936f59587b9") + + depends_on("python@3.8:", type=("build", "run")) + depends_on("py-hatchling", type="build") + depends_on("py-pydantic@2.5.2:", type=("build", "run")) + depends_on("py-typing-extensions", type=("build", "run")) diff --git a/var/spack/repos/builtin/packages/py-pydantic-settings/package.py b/var/spack/repos/builtin/packages/py-pydantic-settings/package.py new file mode 100644 index 00000000000000..5881eb5dc75fbf --- /dev/null +++ b/var/spack/repos/builtin/packages/py-pydantic-settings/package.py @@ -0,0 +1,22 @@ +# Copyright 2013-2024 Lawrence Livermore National Security, LLC and other +# Spack Project Developers. See the top-level COPYRIGHT file for details. +# +# SPDX-License-Identifier: (Apache-2.0 OR MIT) + +from spack.package import * + + +class PyPydanticSettings(PythonPackage): + """Settings management using Pydantic.""" + + homepage = "https://github.com/pydantic/pydantic-settings" + pypi = "pydantic_settings/pydantic_settings-2.6.1.tar.gz" + + license("MIT", checked_by="wdconinc") + + version("2.6.1", sha256="e0f92546d8a9923cb8941689abf85d6601a8c19a23e97a34b2964a2e3f813ca0") + + depends_on("python@3.8:", type=("build", "run")) + depends_on("py-hatchling", type="build") + depends_on("py-pydantic@2.7.0:", type=("build", "run")) + depends_on("py-python-dotenv@0.21:", type=("build", "run")) diff --git a/var/spack/repos/builtin/packages/py-python-multipart/package.py b/var/spack/repos/builtin/packages/py-python-multipart/package.py index 0af95b14b7f1af..5dd5780011f462 100644 --- a/var/spack/repos/builtin/packages/py-python-multipart/package.py +++ b/var/spack/repos/builtin/packages/py-python-multipart/package.py @@ -15,8 +15,18 @@ class PyPythonMultipart(PythonPackage): license("Apache-2.0") + version("0.0.17", sha256="41330d831cae6e2f22902704ead2826ea038d0419530eadff3ea80175aec5538") version("0.0.5", sha256="f7bb5f611fc600d15fa47b3974c8aa16e93724513b49b5f95c81e6624c83fa43") - depends_on("py-setuptools", type="build") + depends_on("py-setuptools", type="build", when="@:0.0.5") + depends_on("py-hatchling", type="build", when="@0.0.6:") depends_on("py-six@1.4.0:", type=("build", "run")) + + def url_for_version(self, version): + url = "https://files.pythonhosted.org/packages/source/p/python-multipart/{}-{}.tar.gz" + if self.spec.satisfies("@:0.0.5"): + name = "python-multipart" + else: + name = "python_multipart" + return url.format(name, version) diff --git a/var/spack/repos/builtin/packages/py-starlette/package.py b/var/spack/repos/builtin/packages/py-starlette/package.py index 7f51b279732eeb..ea2e1d260164d3 100644 --- a/var/spack/repos/builtin/packages/py-starlette/package.py +++ b/var/spack/repos/builtin/packages/py-starlette/package.py @@ -15,6 +15,12 @@ class PyStarlette(PythonPackage): license("BSD-3-Clause") + version("0.41.2", sha256="9834fd799d1a87fd346deb76158668cfa0b0d56f85caefe8268e2d97c3468b62") + version("0.37.2", sha256="9af890290133b79fc3db55474ade20f6220a364a0402e0b556e7cd5e1e093823") + version("0.36.3", sha256="90a671733cfb35771d8cc605e0b679d23b992f8dcfad48cc60b38cb29aeb7080") + version("0.35.1", sha256="3e2639dac3520e4f58734ed22553f950d3f3cb1001cd2eaac4d57e8cdc5f66bc") + version("0.32.0", sha256="87c899fe3aee6a42f711380b03e1d244a21079529cb3dbe1a5109e60915e0bbb") + version("0.28.0", sha256="7bf3da5e997e796cc202cef2bd3f96a7d9b1e1943203c2fe2b42e020bc658482") version("0.27.0", sha256="6a6b0d042acb8d469a01eba54e9cda6cbd24ac602c4cd016723117d6a7e73b75") version("0.23.1", sha256="8510e5b3d670326326c5c1d4cb657cc66832193fe5d5b7015a51c7b1e1b1bf42") version("0.22.0", sha256="b092cbc365bea34dd6840b42861bdabb2f507f8671e642e8272d2442e08ea4ff")