Merge pull request #54 from dimagi/dmr/fix-django-range

dannyroberts · web-flow · commit 09c1834d2a18 · 2020-03-06T15:48:47.000-06:00
Update django range to exclude vulnerable versions
diff --git a/.travis.yml b/.travis.yml
@@ -1,15 +1,11 @@
 language: python
 python:
- - "2.7"
  - "3.4"
  - "3.5"
  - "3.6"
 env:
- - DJANGO_VERSION_MIN=1.8 DJANGO_VERSION_MAX=1.9
- - DJANGO_VERSION_MIN=1.9 DJANGO_VERSION_MAX=1.10
- - DJANGO_VERSION_MIN=1.10 DJANGO_VERSION_MAX=1.11
  - DJANGO_VERSION_MIN=1.11 DJANGO_VERSION_MAX=2.0
- - DJANGO_VERSION_MIN=2.0 DJANGO_VERSION_MAX=2.1
+ - DJANGO_VERSION_MIN=2.2 DJANGO_VERSION_MAX=2.3
 install:
  - pip install "django>=$DJANGO_VERSION_MIN,<$DJANGO_VERSION_MAX"
  - "pip install -e ."
@@ -22,5 +18,5 @@ after_success:
 
 matrix:
   exclude:
-  - python: "2.7"
-    env: DJANGO_VERSION_MIN=2.0 DJANGO_VERSION_MAX=2.1
+  - python: "3.4"
+    env: DJANGO_VERSION_MIN=2.2 DJANGO_VERSION_MAX=2.3
diff --git a/django_prbac/__init__.py b/django_prbac/__init__.py
@@ -1,2 +1,2 @@
 from __future__ import unicode_literals
-__version__ = '0.0.7'
+__version__ = '0.0.8'
diff --git a/django_prbac/mock_settings.py b/django_prbac/mock_settings.py
@@ -22,6 +22,7 @@
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.staticfiles',
+    'django.contrib.messages',
 
     # And this app
     'django_prbac',
@@ -30,3 +31,21 @@
 STATIC_URL = '/static/'
 
 ROOT_URLCONF = 'django_prbac.urls'
+
+MIDDLEWARE = [
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+]
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'OPTIONS': {
+            'context_processors': [
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        }
+    },
+]
diff --git a/setup.py b/setup.py
@@ -32,10 +32,10 @@ def get_readme():
     packages=find_packages(),
     zip_safe=False,
     install_requires=[
-        # avoid django>=2.1.0,<2.1.15,>=2.2.0,<2.2.8 due to CVE-2019-19118
-        # https://github.com/advisories/GHSA-hvmf-r92r-27hr
-        'django>=1.8,<2.1',
-        'jsonfield>=1.0.3',
+        # avoid django 1 <1.11.28 and django 2 <2.2.10
+        # https://github.com/advisories/GHSA-hmr4-m2h5-33qx
+        'django>=1.11.28,!=2.0.*,!=2.1.*,!=2.2.0,!=2.2.1,!=2.2.2,!=2.2.3,!=2.2.4,!=2.2.5,!=2.2.6,!=2.2.7,!=2.2.8,!=2.2.9,<3',
+        'jsonfield>=1.0.3,<3',
         'simplejson',
         'six',
     ],

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`from __future__ import unicode_literals`
`2`		`-__version__ = '0.0.7'`
	`2`	`+__version__ = '0.0.8'`