Merge pull request #1396 from untergeek/release/5.7.6

Security update

curator/_version.py

@@ -1 +1 @@
-__version__ = '5.7.6.dev0'
+__version__ = '5.7.6'

docs/Changelog.rst

@@ -3,8 +3,16 @@
 Changelog
 =========
 
-5.7.6 (? ? ?)
--------------
+5.7.6 (6 May 2019)
+------------------
+
+**Security Fix**
+
+Evidently, there were some upstream dependencies which required vulnerable
+versions of ``urllib3`` and ``requests``. These have been addressed.
+
+  * CVE-2018-20060, CVE-2019-11324, CVE-2018-18074 are addressed by this
+    update. Fixed in #1395 (cburgess)
 
 **Bug Fixes**
 

docs/asciidoc/index.asciidoc

@@ -1,4 +1,4 @@
-:curator_version: 5.7.6.dev0
+:curator_version: 5.7.6
 :curator_major: 5
 :curator_doc_tree: 5.7
 :es_py_version: 7.0.0

requirements.txt

@@ -2,7 +2,7 @@ voluptuous>=0.9.3
 elasticsearch>=7.0.0,<8.0.0
 urllib3>=1.24.2,<1.25
 requests>=2.20.0
-boto3>=1.7.24
+boto3>=1.9.142
 requests_aws4auth>=0.9
 click>=6.7,<7.0
 pyyaml==3.12

setup.cfg

@@ -24,7 +24,7 @@ install_requires =
     elasticsearch>=7.0.0,<8.0.0
     urllib3>=1.24.2,<1.25
     requests>=2.20.0
-    boto3>=1.7.24
+    boto3>=1.9.142
     requests_aws4auth>=0.9
     click>=6.7,<7.0
     pyyaml==3.12
@@ -36,7 +36,7 @@ setup_requires =
     elasticsearch>=7.0.0,<8.0.0
     urllib3>=1.24.2,<1.25
     requests>=2.20.0
-    boto3>=1.7.24
+    boto3>=1.9.142
     requests_aws4auth>=0.9
     click>=6.7,<7.0
     pyyaml==3.12

setup.py

@@ -25,7 +25,7 @@ def get_install_requires():
     res = ['elasticsearch>=7.0.0,<8.0.0' ]
     res.append('urllib3>=1.24.2,<1.25')
     res.append('requests>=2.20.0')
-    res.append('boto3>=1.7.24')
+    res.append('boto3>=1.9.142')
     res.append('requests_aws4auth>=0.9')
     res.append('click>=6.7,<7.0')
     res.append('pyyaml==3.12')