From 97e34eec9104f9dc5620d6f3bfcaa611a18f87fd Mon Sep 17 00:00:00 2001 From: Kurt Wheeler Date: Mon, 29 Oct 2018 16:07:44 -0400 Subject: [PATCH 1/2] Increase CURL timeout for checking CRAN packages to 1 minute. --- common/install_devtools.R | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/common/install_devtools.R b/common/install_devtools.R index fdbe2061d..131d10cb5 100644 --- a/common/install_devtools.R +++ b/common/install_devtools.R @@ -29,12 +29,13 @@ install_package_version <- function(package_name, version) { package_tarball <- paste0(package_name, "_", version, ".tar.gz") package_url <- paste0("https://cran.r-project.org/src/contrib/", package_tarball) - curl_result <- system(paste0("curl --head ", package_url), intern=TRUE) + # Give CRAN a full minute to timeout since it's not always the most reliable. + curl_result <- system(paste0("curl --head --connect-timeout 60 ", package_url), intern=TRUE) if (grepl("404", curl_result[1])) { package_url <- paste0("https://cran.r-project.org/src/contrib/Archive/", package_name, "/", package_tarball) # Make sure the package actually exists in the archive! - curl_result <- system(paste0("curl --head ", package_url), intern=TRUE) + curl_result <- system(paste0("curl --head --connect-timeout 60 ", package_url), intern=TRUE) if (grepl("404", curl_result[1])) { stop(paste("Package", package_name, "version", version, "does not exist!")) } From 65ae92012122ad8e39a8846b287507ec800931e2 Mon Sep 17 00:00:00 2001 From: Kurt Wheeler Date: Mon, 29 Oct 2018 16:57:32 -0400 Subject: [PATCH 2/2] Bump up version of requests to avoid security vulnerability that Github warned about. --- api/requirements.in | 2 +- api/requirements.txt | 2 +- common/requirements.in | 2 +- common/requirements.txt | 2 +- foreman/requirements.in | 2 +- foreman/requirements.txt | 2 +- workers/data_refinery_workers/downloaders/requirements.in | 2 +- workers/data_refinery_workers/downloaders/requirements.txt | 2 +- workers/data_refinery_workers/processors/requirements.in | 2 +- workers/data_refinery_workers/processors/requirements.txt | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/api/requirements.in b/api/requirements.in index 9a5abfa2c..cd685c570 100644 --- a/api/requirements.in +++ b/api/requirements.in @@ -2,7 +2,7 @@ coverage django psycopg2-binary boto3 -requests +requests>=2.20.0 python-nomad djangorestframework djangorestframework-hstore diff --git a/api/requirements.txt b/api/requirements.txt index bb99aec69..489695793 100644 --- a/api/requirements.txt +++ b/api/requirements.txt @@ -28,7 +28,7 @@ psycopg2==2.7.5 # via djangorestframework-hstore python-dateutil==2.7.3 # via botocore python-nomad==0.9.0 pytz==2018.5 # via django -requests==2.19.1 +requests==2.20.0 s3transfer==0.1.13 # via boto3 six==1.11.0 # via python-dateutil uritemplate==3.0.0 # via coreapi diff --git a/common/requirements.in b/common/requirements.in index ac51cc670..7bd5229bd 100644 --- a/common/requirements.in +++ b/common/requirements.in @@ -2,7 +2,7 @@ coverage django psycopg2-binary boto3 -requests +requests>=2.20.0 retrying daiquiri python-nomad diff --git a/common/requirements.txt b/common/requirements.txt index c28f28062..ce501c6b1 100644 --- a/common/requirements.txt +++ b/common/requirements.txt @@ -19,7 +19,7 @@ python-dateutil==2.7.3 # via botocore python-nomad==0.9.0 pytz==2018.5 # via django raven==6.9.0 -requests==2.19.1 +requests==2.20.0 retrying==1.3.3 s3transfer==0.1.13 # via boto3 six==1.11.0 # via python-dateutil, retrying diff --git a/foreman/requirements.in b/foreman/requirements.in index 619cf167e..3a7227a9e 100644 --- a/foreman/requirements.in +++ b/foreman/requirements.in @@ -1,6 +1,6 @@ django psycopg2-binary -requests +requests>=2.20.0 retrying python-nomad coverage diff --git a/foreman/requirements.txt b/foreman/requirements.txt index 0ef92ff08..38ec454c7 100644 --- a/foreman/requirements.txt +++ b/foreman/requirements.txt @@ -18,7 +18,7 @@ python-dateutil==2.7.3 python-nomad==0.9.0 pytz==2018.5 # via django, pandas raven==6.9.0 -requests==2.19.1 +requests==2.20.0 retrying==1.3.3 six==1.11.0 # via python-dateutil, retrying urllib3==1.23 # via requests diff --git a/workers/data_refinery_workers/downloaders/requirements.in b/workers/data_refinery_workers/downloaders/requirements.in index 0e6f6f7eb..ef2bf41df 100644 --- a/workers/data_refinery_workers/downloaders/requirements.in +++ b/workers/data_refinery_workers/downloaders/requirements.in @@ -1,5 +1,5 @@ django -requests +requests>=2.20.0 psycopg2-binary retrying python-nomad diff --git a/workers/data_refinery_workers/downloaders/requirements.txt b/workers/data_refinery_workers/downloaders/requirements.txt index fb7fa2e93..61b30bb67 100644 --- a/workers/data_refinery_workers/downloaders/requirements.txt +++ b/workers/data_refinery_workers/downloaders/requirements.txt @@ -14,7 +14,7 @@ idna==2.7 # via requests psycopg2-binary==2.7.5 python-nomad==0.9.0 pytz==2018.5 # via django -requests==2.19.1 +requests==2.20.0 retrying==1.3.3 six==1.11.0 # via retrying urllib3==1.23 # via requests diff --git a/workers/data_refinery_workers/processors/requirements.in b/workers/data_refinery_workers/processors/requirements.in index 46425c009..a3f80aa84 100644 --- a/workers/data_refinery_workers/processors/requirements.in +++ b/workers/data_refinery_workers/processors/requirements.in @@ -1,5 +1,5 @@ django -requests +requests>=2.20.0 psycopg2-binary boto3 retrying diff --git a/workers/data_refinery_workers/processors/requirements.txt b/workers/data_refinery_workers/processors/requirements.txt index 797fc9bf8..5da959e79 100644 --- a/workers/data_refinery_workers/processors/requirements.txt +++ b/workers/data_refinery_workers/processors/requirements.txt @@ -37,7 +37,7 @@ python-dateutil==2.7.3 # via botocore, matplotlib, pandas python-nomad==0.9.0 pytz==2018.5 # via django, pandas pyyaml==3.13 # via multiqc -requests==2.19.1 +requests==2.20.0 retrying==1.3.3 s3transfer==0.1.13 # via boto3 scikit-learn==0.20.0