fix: remove vulnerable Pillow versions (GoogleCloudPlatform#7367)

dandhlee · engelke · web-flow · commit 0b8715908cc6 · 2022-01-13T19:48:16.000-05:00
* chore(deps): remove python2 and 3.6 pin for appengine/flex/scipy

* chore(deps): remove python3.6 and below pin for dataflow/tensorflow-landsat

* fix: remove python3.6 for ppai/image-classification

* test: skip python2 and 3.6 tests

* chore: fix license year

Co-authored-by: Charles Engelke &lt;engelke@google.com&gt;
diff --git a/appengine/flexible/scipy/noxfile_config.py b/appengine/flexible/scipy/noxfile_config.py
@@ -0,0 +1,38 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default TEST_CONFIG_OVERRIDE for python repos.
+
+# You can copy this file into your directory, then it will be imported from
+# the noxfile.py.
+
+# The source of truth:
+# https://github.com/GoogleCloudPlatform/python-docs-samples/blob/main/noxfile_config.py
+
+TEST_CONFIG_OVERRIDE = {
+    # You can opt out from the test for specific Python versions.
+    "ignored_versions": ["2.7", "3.6"],
+    # Old samples are opted out of enforcing Python type hints
+    # All new samples should feature them
+    "enforce_type_hints": False,
+    # An envvar key for determining the project id to use. Change it
+    # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a
+    # build specific Cloud project. You can also use your own string
+    # to use your own Cloud project.
+    "gcloud_project_env": "GOOGLE_CLOUD_PROJECT",
+    # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT',
+    # A dictionary you want to inject into your test. Don't put any
+    # secrets here. These values will override predefined values.
+    "envs": {},
+}
diff --git a/appengine/flexible/scipy/requirements.txt b/appengine/flexible/scipy/requirements.txt
@@ -1,9 +1,6 @@
 Flask==2.0.2
 gunicorn==20.1.0
 imageio==2.13.5
-numpy==1.21.4; python_version >= '3.7'
-numpy==1.19.5; python_version < '3.7'
-pillow==9.0.0; python_version > '3.6'
-pillow==8.4.0; python_version <='3.6'
-scipy==1.7.3; python_version >= '3.7'
-scipy==1.5.4; python_version < '3.7'
+numpy==1.21.4
+pillow==9.0.0
+scipy==1.7.3
diff --git a/dataflow/gpu-examples/tensorflow-landsat/requirements.txt b/dataflow/gpu-examples/tensorflow-landsat/requirements.txt
@@ -1,5 +1,4 @@
-pillow==9.0.0; python_version > '3.6'
-pillow==8.4.0; python_version <='3.6'
+pillow==9.0.0
 apache-beam[gcp]==2.31.0
 rasterio==1.2.10
 tensorflow==2.7.0
diff --git a/people-and-planet-ai/image-classification/noxfile_config.py b/people-and-planet-ai/image-classification/noxfile_config.py
@@ -23,7 +23,7 @@
 TEST_CONFIG_OVERRIDE = {
     # You can opt out from the test for specific Python versions.
     # NOTE: Apache Beam does not currently support Python 3.9 or 3.10.
-    "ignored_versions": ["2.7", "3.9", "3.10"],
+    "ignored_versions": ["2.7", "3.6", "3.9", "3.10"],
     # Old samples are opted out of enforcing Python type hints
     # All new samples should feature them
     "enforce_type_hints": True,
diff --git a/people-and-planet-ai/image-classification/requirements.txt b/people-and-planet-ai/image-classification/requirements.txt
@@ -1,5 +1,4 @@
-pillow==9.0.0; python_version > '3.6'
-pillow==8.4.0; python_version <='3.6'
+pillow==9.0.0
 apache-beam[gcp]==2.33.0
 google-cloud-aiplatform==1.9.0
 google-cloud-bigquery==2.32.0 # Indirect dependency, but there is a version conflict that causes pip to hang unless we constraint this.
