Upgrading Python vulnerabilities (#49)

* Upgrading Python vulnerabilities * Fixing testing bug * Removing python vulnerabilities from ignore list * Upgrading django-registration
ODNZSL · Jun 16, 2022 · 5c9d679 · 5c9d679
1 parent 34b1aae
commit 5c9d679
Show file tree

Hide file tree

Showing 18 changed files with 20 additions and 59 deletions.
diff --git a/.osv-detector.yml b/.osv-detector.yml
@@ -3,23 +3,3 @@ ignore:
   - GHSA-gxr4-xjj5-5px2
   - GHSA-jpcq-cgw6-v4j6
   - GHSA-rmxg-73gg-4p98
-  - GHSA-jpcq-cgw6-v4j6
-  - GHSA-2gwj-7jmv-h26r
-  - GHSA-2m34-jcjv-45xf
-  - GHSA-53qw-q765-4fww
-  - GHSA-68w8-qjq3-2gfm
-  - GHSA-6cw3-g6wv-c2xv
-  - GHSA-8c5j-9r9f-c6w8
-  - GHSA-95rw-fx8r-36v6
-  - GHSA-fr28-569j-53c4
-  - GHSA-fvgf-6h6h-3322
-  - GHSA-jrh2-hc4r-7jwx
-  - GHSA-m6gj-h9gm-gw44
-  - GHSA-p99v-5w3c-jqq9
-  - GHSA-qm57-vhq3-3fwf
-  - GHSA-rxjp-mfm9-w4wr
-  - GHSA-v6rh-hp5x-86rv
-  - GHSA-w24h-v9qh-8gxj
-  - GHSA-wpjr-j57x-wxfw
-  - GHSA-xgxc-v2qg-chmh
-  - GHSA-58c7-px5v-82hh
diff --git a/requirements.txt b/requirements.txt
@@ -1,10 +1,10 @@
-django==2.2.11
+django==3.2.13
 django-tagging==0.5.0
-django-reversion==2.0.13
-django-bootstrap3==12.0.3
+django-reversion==4.0.0
+django-bootstrap3==21.2
 django-summernote==0.8.11.6
-django-modeltranslation==0.14.4
-django-registration==3.1
+django-modeltranslation==0.18.2
+django-registration==3.1.2
 django-contrib-comments==1.9.2
 django-queryset-csv==1.1.0
 django-debug-toolbar==3.2.2

diff --git a/signbank/dictionary/admin.py b/signbank/dictionary/admin.py
@@ -57,7 +57,7 @@ def get_readonly_fields(self, request, obj=None):
             [field.name for field in self.opts.local_many_to_many]
         ))
 
-    def has_add_permission(self, request):
+    def has_add_permission(self, request, args):
         return False
 
     def has_delete_permission(self, request, obj=None):
@@ -142,7 +142,7 @@ class GlossTranslationsInline(admin.TabularInline):
               'translations_secondary', 'translations_minor')
     extra = 0
 
-    def has_add_permission(self, request):
+    def has_add_permission(self, request, args):
         # return False
         return True
 

diff --git a/signbank/dictionary/models.py b/signbank/dictionary/models.py
@@ -12,14 +12,12 @@
 from django.contrib.contenttypes.models import ContentType
 from django.db import OperationalError, models
 from django.urls import reverse
-from django.utils.encoding import python_2_unicode_compatible
 from django.utils.translation import ugettext_lazy as _
 from tagging.models import Tag
 from tagging.registry import AlreadyRegistered
 from tagging.registry import register as tagging_register
 
 
-@python_2_unicode_compatible
 class Dataset(models.Model):
     """Dataset/Lexicon of which Glosses are part of."""
     #: A private name for the Dataset. Can include abbrevations not recognizable by the general users.
@@ -55,7 +53,6 @@ def __str__(self):
         return self.name
 
 
-@python_2_unicode_compatible
 class GlossTranslations(models.Model):
     """Store a string representation of translation equivalents of certain Language for a Gloss."""
     #: The Gloss to translate
@@ -162,7 +159,6 @@ def has_duplicates(self):
         return len(keywords_str) != (len(set(keywords_str)))
 
 
-@python_2_unicode_compatible
 @reversion.register()
 class Translation(models.Model):
     """A translation equivalent of a sign in selected language."""
@@ -188,7 +184,6 @@ def __str__(self):
         return self.keyword.text
 
 
-@python_2_unicode_compatible
 @reversion.register()
 class Keyword(models.Model):
     """A keyword that stores the text for translation(s)"""
@@ -207,7 +202,6 @@ def __str__(self):
         return self.text
 
 
-@python_2_unicode_compatible
 class Language(models.Model):
     """A written language, used for translations in written languages."""
     #: The name of a spoken/written Language.
@@ -230,7 +224,6 @@ def __str__(self):
         return self.name
 
 
-@python_2_unicode_compatible
 class SignLanguage(models.Model):
     """A sign language."""
     #: The name of the Sign Language
@@ -248,7 +241,6 @@ def __str__(self):
         return self.name
 
 
-@python_2_unicode_compatible
 class Dialect(models.Model):
     """A dialect name - a regional dialect of a given Language"""
     #: The Language of the Dialect.
@@ -268,7 +260,6 @@ def __str__(self):
         return str(self.language.name) + "/" + str(self.name)
 
 
-@python_2_unicode_compatible
 class RelationToForeignSign(models.Model):
     """Defines a relationship to another sign in another language (often a loan)"""
     #: The source Gloss of the relation.
@@ -298,7 +289,6 @@ def __str__(self):
         return str(self.gloss) + "/" + str(self.other_lang) + ',' + str(self.other_lang_gloss)
 
 
-@python_2_unicode_compatible
 class FieldChoice(models.Model):
     #: The name of the FieldChoice.
     field = models.CharField(max_length=50)
@@ -333,7 +323,6 @@ def build_choice_list(field):
         return choice_list
 
 
-@python_2_unicode_compatible
 class Gloss(models.Model):
     class Meta:
         unique_together = (("idgloss", "dataset"),)
@@ -675,7 +664,6 @@ def get_choice_lists():
         return field_choices
 
 
-@python_2_unicode_compatible
 class GlossURL(models.Model):
     """URL's for gloss"""
     #: The Gloss the URL belongs to.
@@ -692,7 +680,6 @@ def __str__(self):
         return self.gloss.idgloss + " - " + self.url
 
 
-@python_2_unicode_compatible
 class AllowedTags(models.Model):
     """Tags a model is allowed to use."""
     #: The tags that are shown in tag lists.
@@ -708,7 +695,6 @@ def __str__(self):
         return str(self.content_type)
 
 
-@python_2_unicode_compatible
 class GlossRelation(models.Model):
     """Relation between two glosses"""
     #: The source Gloss of the Relation.
@@ -732,7 +718,6 @@ def __str__(self):
         return str(self.target)
 
 
-@python_2_unicode_compatible
 class Relation(models.Model):  # TODO: Remove
     """A relation between two glosses"""
     source = models.ForeignKey(
@@ -758,7 +743,6 @@ def __str__(self):
         return str(self.source)+' -> ' + str(self.target)
 
 
-@python_2_unicode_compatible
 class MorphologyDefinition(models.Model):
     """Tells something about morphology of a gloss"""
     parent_gloss = models.ForeignKey(
@@ -777,7 +761,6 @@ def __str__(self):
         return str(self.morpheme.idgloss) + ' is ' + str(self.role) + ' of ' + str(self.parent_gloss.idgloss)
 
 
-@python_2_unicode_compatible
 class Signer(models.Model):
     """The list of signers"""
     #: Signer name.

diff --git a/signbank/dictionary/templates/dictionary/admin_gloss_list.html b/signbank/dictionary/templates/dictionary/admin_gloss_list.html
@@ -1,7 +1,7 @@
 {% extends "baselayout.html" %}
 {% load bootstrap3 %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {# Translators: Title for sign search page #}
 {% block bootstrap3_title %}{% blocktrans %}Advanced Search{% endblocktrans %} | {% endblock %}
 {% block extrahead %}

diff --git a/signbank/dictionary/templates/dictionary/admin_glossrelation_list.html b/signbank/dictionary/templates/dictionary/admin_glossrelation_list.html
@@ -1,7 +1,7 @@
 {% extends "baselayout.html" %}
 {% load bootstrap3 %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {# Translators: Title for GlossRelation search page #}
 {% block bootstrap3_title %}{% blocktrans %}Search Gloss Relations{% endblocktrans %} | {% endblock %}
 {% block extrahead %}

diff --git a/signbank/dictionary/templates/dictionary/gloss_detail.html b/signbank/dictionary/templates/dictionary/gloss_detail.html
@@ -2,7 +2,7 @@
 {% load stylesheet %}
 {% load bootstrap3 %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% block bootstrap3_title %}{{gloss}} [{{gloss.dataset}}] | {% endblock %}
 {% block extrahead %}
 <link rel="stylesheet" type="text/css" href="{% static 'css/tagmanager.css' %}">

diff --git a/signbank/dictionary/templates/dictionary/manage_lexicons.html b/signbank/dictionary/templates/dictionary/manage_lexicons.html
@@ -1,7 +1,7 @@
 {% extends "baselayout.html" %}
 {% load i18n %}
 {% load bootstrap3 %}
-{% load staticfiles %}
+{% load static %}
 {% block bootstrap3_title %}{% blocktrans %}Manage lexicons{% endblocktrans %} | {% endblock %}
 {% block content %}
 <div class="row">

diff --git a/signbank/dictionary/templates/dictionary/network_graph.html b/signbank/dictionary/templates/dictionary/network_graph.html
@@ -1,4 +1,4 @@
-{% load staticfiles %}
+{% load static %}
 {% load i18n %}
 {% get_current_language as LANGUAGE_CODE %}
 <!DOCTYPE html>

diff --git a/signbank/dictionary/templates/dictionary/public_gloss_list.html b/signbank/dictionary/templates/dictionary/public_gloss_list.html
@@ -1,7 +1,7 @@
 {% extends "baselayout.html" %}
 {% load i18n %}
 {% load bootstrap3 %}
-{% load staticfiles %}
+{% load static %}
 {% block bootstrap3_title %}{% blocktrans %}Search Signs{% endblocktrans %} | {% endblock %}
 {% block extrajs %}
 <script src="{% static "js/mark.min.js" %}"></script>

diff --git a/signbank/dictionary/templates/dictionary/record_video.html b/signbank/dictionary/templates/dictionary/record_video.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 
 <div id="upload_recorded_vid">
   <!--

diff --git a/signbank/video/models.py b/signbank/video/models.py
@@ -9,7 +9,6 @@
 from django.conf import settings
 from django.core.files.storage import FileSystemStorage
 from django.db import models
-from django.utils.encoding import python_2_unicode_compatible
 from django.utils.module_loading import import_string
 from django.utils.translation import ugettext_lazy as _
 
@@ -36,7 +35,6 @@ class GlossVideoDynamicStorage(import_string(settings.GLOSS_VIDEO_FILE_STORAGE))
     pass
 
 
-@python_2_unicode_compatible
 class GlossVideo(models.Model):
     """A video that represents a particular idgloss"""
     #: Descriptive title of the GlossVideo.

diff --git a/signbank/video/templates/uploaded_glossvideos.html b/signbank/video/templates/uploaded_glossvideos.html
@@ -1,6 +1,6 @@
 {% extends "baselayout.html" %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% block bootstrap3_title %}{% blocktrans %}Manage Uploaded Videos{% endblocktrans %} | {% endblock %}
 {% block extrahead %}
 <link rel="stylesheet" href="{% static "css/jquery-ui/jquery-ui.min.css" %}">

diff --git a/templates/baselayout.html b/templates/baselayout.html
@@ -2,7 +2,7 @@
 {% load bootstrap3 %}
 {% load stylesheet %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% get_current_language as LANGUAGE_CODE %}
 <html lang="{{LANGUAGE_CODE|default:'en'}}">
   <head>

diff --git a/templates/comments/search_comments.html b/templates/comments/search_comments.html
@@ -1,7 +1,7 @@
 {% extends "baselayout.html" %}
 {% load bootstrap3 %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {# Translators: Title for comments search page #}
 {% block bootstrap3_title %}{% blocktrans %}Search Comments{% endblocktrans %} | {% endblock %}
 {% block content %}

diff --git a/templates/django_registration/terms_of_service.html b/templates/django_registration/terms_of_service.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 <p>{% blocktrans %}Last updated:{% endblocktrans %} 25.05.2018 (dd.mm.yyyy)</p>
 <ul>
     <li>{% blocktrans %}You have read and agree to the{% endblocktrans %} <a href="/static/files/tietosuojailmoitus_suomen-signbank.pdf" target="_blank">{% blocktrans %}privacy policy{% endblocktrans %}</a>

diff --git a/templates/notifications/list.html b/templates/notifications/list.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% load notifications_tags %}
 {% notifications_unread as unread_count %}
 <div class="btn-group notifications-menu">

diff --git a/templates/policyconsent.html b/templates/policyconsent.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 <link rel="stylesheet" type="text/css" href="{% static 'css/cookieconsent.min.css' %}" />
 <script src="{% static 'js/cookieconsent.min.js' %}"></script>
 <script>