This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues :

python-cfn-lint was included as a new package in 0.21.4.

python-aws-sam-translator was updated to 1.11.0 :

  - Add ReservedConcurrentExecutions to globals

  - Fix ElasticsearchHttpPostPolicy resource reference

  - Support using AWS::Region in Ref and Sub

  - Documentation and examples updates

  - Add VersionDescription property to Serverless::Function

  - Update ServerlessRepoReadWriteAccessPolicy

  - Add additional template validation

Upgrade to 1.10.0 :

  - Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy

  - Add DynamoDBReconfigurePolicy

  - Add CostExplorerReadOnlyPolicy and     OrganizationsListAccountsPolicy

  - Add EKSDescribePolicy

  - Add SESBulkTemplatedCrudPolicy

  - Add FilterLogEventsPolicy

  - Add SSMParameterReadPolicy

  - Add SESEmailTemplateCrudPolicy

  - Add s3:PutObjectAcl to S3CrudPolicy

  - Add allow_credentials CORS option

  - Add support for AccessLogSetting and CanarySetting     Serverless::Api properties

  - Add support for X-Ray in Serverless::Api

  - Add support for MinimumCompressionSize in     Serverless::Api

  - Add Auth to Serverless::Api globals

  - Remove trailing slashes from APIGW permissions

  - Add SNS FilterPolicy and an example application

  - Add Enabled property to Serverless::Function event     sources

  - Add support for PermissionsBoundary in     Serverless::Function

  - Fix boto3 client initialization

  - Add PublicAccessBlockConfiguration property to S3 bucket     resource

  - Make PAY_PER_REQUEST default mode for     Serverless::SimpleTable

  - Add limited support for resolving intrinsics in     Serverless::LayerVersion

  - SAM now uses Flake8

  - Add example application for S3 Events written in Go

  - Updated several example applications

Initial build

  + Version 1.9.0

Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old

  + ast_drop-compatible-releases-operator.patch

python-jsonschema was updated to 2.6.0: Improved performance on CPython by adding caching around ref resolution

Update to version 2.5.0: Improved performance on CPython by adding caching around ref resolution (#203)

Update to version 2.4.0: Added a CLI (#134)

Added absolute path and absolute schema path to errors (#120)

Added ``relevance``

Meta-schemas are now loaded via ``pkgutil``

Added ``by_relevance`` and ``best_match`` (#91)

Fixed ``format`` to allow adding formats for non-strings (#125)

Fixed the ``uri`` format to reject URI references (#131)

Install /usr/bin/jsonschema with update-alternatives support

python-nose2 was updated to 0.9.1: the prof plugin now uses cProfile instead of hotshot for profiling

skipped tests now include the user's reason in junit XML's message field

the prettyassert plugin mishandled multi-line function definitions

Using a plugin's CLI flag when the plugin is already enabled via config no longer errors

nose2.plugins.prettyassert, enabled with --pretty-assert

Cleanup code for EOLed python versions

Dropped support for distutils.

Result reporter respects failure status set by other plugins

JUnit XML plugin now includes the skip reason in its output

Upgrade to 0.8.0 :

List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0

Update to 0.7.0: Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!)

Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh;
https://github.com/wolever/parameterized/issues/67)

Make sure that `setUp` and `tearDown` methods work correctly (#40)

Raise a ValueError when input is empty (thanks @danielbradburn;
https://github.com/wolever/parameterized/pull/48)

Fix the order when number of cases exceeds 10 (thanks @ntflc;
https://github.com/wolever/parameterized/pull/49)

python-scandir was included in version 2.3.2.

python-requests was updated to version 2.20.1 (bsc#1111622) Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443).

remove restriction for urllib3 

Update to version 2.20.0: Bugfixes

  + Content-Type header parsing is now case-insensitive     (e.g. charset=utf8 v Charset=utf8).

  + Fixed exception leak where certain redirect urls would     raise uncaught urllib3 exceptions.

  + Requests removes Authorization header from requests     redirected from https to http on the same hostname.
    (CVE-2018-18074)

  + should_bypass_proxies now handles URIs without hostnames     (e.g. files).

Dependencies

  + Requests now supports urllib3 v1.24.

Deprecations

  + Requests has officially stopped support for Python 2.6.

Update to version 2.19.1: Fixed issue where status_codes.py&Atilde;&cent;&Acirc;&#128;&Acirc;&#153;s init function failed trying to append to a __doc__ value of None.

Update to version 2.19.0: Improvements

  + Warn about possible slowdown with cryptography version 

Bugfixes

  + Parsing empty Link headers with parse_header_links() no     longer return one bogus entry.

  + Fixed issue where loading the default certificate bundle     from a zip archive would raise an IOError.

  + Fixed issue with unexpected ImportError on windows     system which do not support winreg module.

  + DNS resolution in proxy bypass no longer includes the     username and password in the request. This also fixes     the issue of DNS queries failing on macOS.

  + Properly normalize adapter prefixes for url comparison.

  + Passing None as a file pointer to the files param no     longer raises an exception.

  + Calling copy on a RequestsCookieJar will now preserve     the cookie policy correctly.

We now support idna v2.7 and urllib3 v1.23.

update to version 2.18.4: Improvements

  + Error messages for invalid headers now include the     header name for easier debugging

Dependencies

  + We now support idna v2.6.

update to version 2.18.3: Improvements

  + Running $ python -m requests.help now includes the     installed version of idna.

Bugfixes

  + Fixed issue where Requests would raise ConnectionError     instead of SSLError when encountering SSL problems when     using urllib3 v1.22.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES12 Security Update : python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (SUSE-SU-2020:0555-1)

high Nessus Plugin ID 134285

Version 1.5