From b4e0ba9e5e3012da32bc06cbef9e98549e8297b1 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Sun, 26 May 2024 19:43:47 +0200
Subject: [PATCH] [stable-2] Fix docker_image tests with Docker SDK for Python
 7.1.0; restrict requests in EE dependencies to < 2.32.0 (#872)

* Docker SDK for Python 7.1.0 also dropped support for API versions < 1.24.

* EE: restrict requests to < 2.32.0.
---
 changelogs/fragments/872-ee-requests.yml                   | 7 +++++++
 meta/ee-requirements.txt                                   | 1 +
 .../targets/docker_image/tasks/tests/options.yml           | 5 +++--
 3 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/872-ee-requests.yml

diff --git a/changelogs/fragments/872-ee-requests.yml b/changelogs/fragments/872-ee-requests.yml
new file mode 100644
index 00000000..d556667c
--- /dev/null
+++ b/changelogs/fragments/872-ee-requests.yml
@@ -0,0 +1,7 @@
+bugfixes:
+  - "EE requirements - restrict ``requests`` dependency to ``< 2.32.0`` since later versions are incompatible with
+     Docker SDK for Python < 7.1.0, which we depend on (https://github.com/ansible-collections/community.docker/pull/872)."
+known_issues:
+  - "EE requirements - ``requests < 2.32.0`` is vulnerable to `CVE-2024-35195 <https://github.com/advisories/GHSA-9wx4-h78v-vm56>`__.
+     This does not affect Docker SDK for Python, but might affect other users of ``requests``
+     (https://github.com/ansible-collections/community.docker/pull/872)."
diff --git a/meta/ee-requirements.txt b/meta/ee-requirements.txt
index 2e33479d..3211efa6 100644
--- a/meta/ee-requirements.txt
+++ b/meta/ee-requirements.txt
@@ -1,2 +1,3 @@
 docker<7.0.0
+requests<2.32.0
 docker-compose
diff --git a/tests/integration/targets/docker_image/tasks/tests/options.yml b/tests/integration/targets/docker_image/tasks/tests/options.yml
index cf6ea864..06155efd 100644
--- a/tests/integration/targets/docker_image/tasks/tests/options.yml
+++ b/tests/integration/targets/docker_image/tasks/tests/options.yml
@@ -299,7 +299,8 @@
     api_version: "1.22"
   register: load_image_4
   # Moby 25.0.0 (API version 1.44) dropped support for older API versions
-  when: docker_api_version is version('1.44', '<')
+  # Docker SDK for Python 7.1.0 also dropped support for older API versions
+  when: docker_api_version is version('1.44', '<') and docker_py_version is version('7.1.0', '<')
 
 - name: load image (ID, idempotency)
   docker_image:
@@ -320,7 +321,7 @@
     - '"Detected no loaded images. Archive potentially corrupt?" == load_image_3.msg'
     - load_image_5 is not changed
 
-- when: docker_api_version is version('1.44', '<')
+- when: docker_api_version is version('1.44', '<') and docker_py_version is version('7.1.0', '<')
   assert:
     that:
     - load_image_4 is changed