⬆️🔒️ Updates certifi following GHSA-43fp-rhv2-5gv8 #3682

Merged: 5 commits, Dec 15, 2022

@pcrespov (Member) commented Dec 14, 2022

What do these changes do?

  • ⬆️ Updates certifi to overcome GHSA-43fp-rhv2-5gv8
  • Using pip-tools==6.12.0 changed the requirement.txt files:
    • 🔨 simplified comments
    • fixes some faulty requirements listings

Highlights on updated libraries (only updated libraries are included)

  • #packages before: 2
  • #packages after : 13
| # | name | before | after | upgrade | count | packages |
|---|------|--------|-------|---------|-------|----------|
| 1 | certifi | 2022.5.18.1, 2022.9.24, 2022.6.15 | 2022.12.7 | minor | 31 | agent🧪, api-server⬆️🧪, autoscaling⬆️🧪, catalog⬆️🧪, dask-sidecar⬆️🧪, dask-task-models-library🧪, datcore-adapter⬆️🧪, director-v2⬆️🧪, dynamic-sidecar⬆️🧪, e2e🧪, models-library🧪, postgres-database🧪🧪, public-api🧪, service-integration🧪🧪, service-library🧪🧪, settings-library🧪, simcore-sdk🧪, storage🧪, swarm-deploy🧪, web⬆️🧪 |
| 2 | psycopg2-binary | 2.9.3 | 🗑️ removed | | 3 | api-server🧪, catalog🧪, director-v2🧪 |

Legend:

  • ⬆️ base dependency (only services because packages are floating)
  • 🧪 test dependency
  • 🔧 tool dependency

Repo-wide overview of libraries

  • #reqs files parsed: 62
# name versions-base versions-test versions-tool
1 aio-pika 8.2.4, 8.2.5 8.2.4, 8.2.5
2 aioboto3 9.6.0, 10.1.0 9.6.0, 10.1.0
3 aiobotocore 2.3.0, 2.3.3, 2.4.0 2.3.0, 2.4.0
4 aiocache 0.11.1 0.11.1
5 aiodebug 2.3.0 2.3.0
6 aiodocker 0.19.1, 0.21.0 0.21.0
7 aiofiles 0.8.0, 22.1.0 22.1.0
8 aiohttp 3.8.3 3.8.3
9 aiohttp-jinja2 1.5
10 aiohttp-security 0.4.0
11 aiohttp-session 2.11.0
12 aiohttp-swagger 1.0.16
13 aioitertools 0.10.0, 0.11.0 0.11.0
14 aiopg 1.3.3, 1.4.0 1.4.0
15 aioprocessing 2.0.1
16 aioredis 2.0.1
17 aioresponses 0.7.3
18 aiormq 6.4.2 6.4.2
19 aiosignal 1.2.0, 1.3.1 1.2.0, 1.3.1
20 aiosmtplib 1.1.6
21 aiozipkin 1.1.1
22 alembic 1.8.1 1.8.1
23 anyio 3.6.1, 3.6.2 3.6.1, 3.6.2
24 argon2-cffi 20.1.0
25 asgi-lifespan 1.0.1, 2.0.0
26 asgiref 3.5.2
27 astroid 2.12.12 2.12.12, 2.12.13
28 async-asgi-testclient 1.4.11
29 async-generator 1.10
30 async-timeout 4.0.2 4.0.2
31 asyncpg 0.25.0
32 attrs 21.4.0, 22.1.0 21.4.0, 22.1.0
33 aws-sam-translator 1.53.0, 1.54.0, 1.55.0
34 aws-xray-sdk 2.10.0, 2.11.0
35 bcrypt 3.2.0 4.0.1
36 beautifulsoup4 4.10.0
37 bidict 0.22.0
38 black 22.10.0
39 bleach 3.3.0
40 blosc 1.10.6
41 bokeh 2.4.3 2.4.3
42 boto3 1.21.21, 1.24.59, 1.24.96 1.21.21, 1.24.59, 1.26.3
43 boto3-stubs 1.26.3
44 botocore 1.24.21, 1.27.59, 1.27.96 1.24.21, 1.27.59, 1.29.3
45 botocore-stubs 1.27.17, 1.29.16 1.29.3
46 build 0.8.0, 0.9.0
47 bump2version 1.0.1
48 certifi 2022.12.7 2022.12.7
49 cffi 1.15.0 1.15.0, 1.15.1
50 cfgv 3.3.1
51 cfn-lint 0.70.1, 0.72.0, 0.72.2
52 change-case 0.5.2
53 charset-normalizer 2.0.12, 2.1.1 2.0.12, 2.1.1
54 click 8.1.3 8.1.3 8.1.3
55 cloudpickle 2.0.0, 2.2.0
56 codecov 2.1.12
57 colorama 0.4.6
58 colorlog 6.7.0
59 commonmark 0.9.1
60 coverage 6.5.0
61 coveralls 3.3.1
62 cryptography 3.4.7, 36.0.2, 37.0.2 36.0.2, 38.0.1, 38.0.3, 38.0.4
63 cytoolz 0.11.0
64 dask 2022.9.2, 2022.12.0
65 dask-gateway 2022.10.0
66 dask-gateway-server 2022.10.0
67 decorator 4.4.2
68 deepdiff 6.2.1
69 defusedxml 0.7.1
70 deprecated 1.2.13 1.2.13
71 dill 0.3.5.1 0.3.5.1, 0.3.6
72 distlib 0.3.6
73 distributed 2022.9.2, 2022.12.0
74 distro 1.5.0
75 dnspython 2.0.0, 2.1.0, 2.2.1 2.2.1
76 docker 6.0.0, 6.0.1 6.0.0, 6.0.1
77 docker-compose 1.29.1
78 dockerpty 0.4.1
79 docopt 0.6.2 0.6.2
80 ecdsa 0.18.0
81 email-validator 1.2.1, 1.3.0 1.3.0
82 et-xmlfile 1.1.0
83 exceptiongroup 1.0.4 1.0.0, 1.0.1, 1.0.4
84 execnet 1.9.0
85 expiringdict 1.2.1
86 faker 15.1.0, 15.2.0, 15.3.3, 15.3.4
87 fastapi 0.85.0, 0.85.1, 0.85.2, 0.87.0
88 fastapi-contrib 0.2.11
89 fastapi-pagination 0.10.0
90 fastjsonschema 2.15.3
91 filelock 3.8.0, 3.8.2
92 flaky 3.7.0
93 flask 2.1.3, 2.2.2
94 flask-cors 3.0.10
95 frozenlist 1.3.0, 1.3.1, 1.3.3 1.3.0, 1.3.1, 1.3.3
96 fsspec 2022.5.0, 2022.11.0
97 graphql-core 3.2.3
98 greenlet 1.1.2, 2.0.1 1.1.2, 2.0.1
99 gunicorn 20.1.0
100 h11 0.12.0, 0.14.0 0.12.0, 0.14.0
101 h2 4.1.0
102 heapdict 1.0.1
103 hpack 4.0.0
104 httpcore 0.15.0, 0.16.1 0.15.0, 0.16.1, 0.16.2
105 httptools 0.2.0, 0.5.0
106 httpx 0.23.0, 0.23.1 0.23.0, 0.23.1
107 hyperframe 6.0.1
108 hypothesis 6.56.2
109 icdiff 2.0.5
110 identify 2.5.6, 2.5.8, 2.5.9
111 idna 2.10, 3.3, 3.4 2.10, 3.3, 3.4
112 importlib-metadata 5.0.0 5.0.0, 5.1.0
113 iniconfig 1.1.1 1.1.1
114 inotify 0.2.10
115 isodate 0.6.1
116 isort 5.10.1 5.10.1
117 itsdangerous 1.1.0, 2.1.2 2.1.2
118 jaeger-client 4.8.0
119 jinja-app-loader 1.0.2
120 jinja2 3.1.2 3.1.2 3.1.2
121 jmespath 1.0.0, 1.0.1 1.0.0, 1.0.1
122 jschema-to-python 1.2.3
123 json2html 1.3.0
124 jsondiff 2.0.0 2.0.0
125 jsonpatch 1.32
126 jsonpickle 2.2.0, 3.0.0
127 jsonpointer 2.3
128 jsonschema 3.2.0, 4.17.3 3.2.0, 4.17.3
129 junit-xml 1.9
130 jupyter-client 6.1.12
131 jupyter-core 4.11.2
132 jupyter-server 1.18.1
133 jupyter-server-proxy 3.2.1
134 jupyterlab-pygments 0.1.2
135 lazy-object-proxy 1.7.1 1.7.1 1.7.1, 1.8.0
136 locket 1.0.0
137 lz4 4.0.0
138 mako 1.2.2, 1.2.4 1.2.2, 1.2.4
139 markupsafe 2.1.1 2.1.1 2.1.1
140 mccabe 0.7.0 0.7.0
141 minio 7.0.4
142 mistune 2.0.4
143 moto 4.0.1, 4.0.9, 4.0.11
144 msgpack 1.0.3, 1.0.4
145 multidict 6.0.2, 6.0.3 6.0.2, 6.0.3
146 mypy-extensions 0.4.3
147 nbclient 0.5.3
148 nbconvert 7.2.1
149 nbformat 5.3.0
150 nest-asyncio 1.5.1
151 networkx 2.5.1 2.8.8
152 nodeenv 1.7.0
153 nose 1.3.7
154 numpy 1.22.3 1.23.4
155 openapi-core 0.12.0
156 openapi-schema-validator 0.2.3 0.2.3
157 openapi-spec-validator 0.4.0 0.4.0
158 openpyxl 3.0.9
159 opentracing 2.4.0
160 ordered-set 4.1.0
161 orjson 3.7.2
162 packaging 21.3 21.3 21.3
163 pamqp 3.2.1 3.2.1
164 pandas 1.2.4 1.5.1
165 pandocfilters 1.4.3
166 paramiko 2.11.0
167 parfive 1.5.1
168 partd 1.2.0, 1.3.0
169 passlib 1.7.4 1.7.4
170 pathspec 0.10.1, 0.10.2
171 pbr 5.11.0
172 pep517 0.13.0
173 pillow 9.3.0 9.3.0
174 pint 0.19.2, 0.20.1 0.20.1
175 pip-tools 6.9.0, 6.10.0, 6.11.0
176 platformdirs 2.5.2 2.5.2, 2.5.3, 2.5.4
177 pluggy 1.0.0 1.0.0
178 pprintpp 0.4.0
179 pre-commit 2.20.0
180 prometheus-client 0.14.1
181 psutil 5.9.1, 5.9.4 5.9.4
182 psycopg2-binary 2.9.3, 2.9.5 2.9.5
183 ptvsd 4.3.2
184 ptyprocess 0.7.0
185 py 1.11.0
186 py-cpuinfo 9.0.0
187 pyasn1 0.4.8
188 pycparser 2.20, 2.21 2.20, 2.21
189 pydantic 1.9.0, 1.10.2 1.10.2
190 pyftpdlib 1.5.7
191 pygments 2.9.0, 2.13.0
192 pyinstrument 3.4.2, 4.1.1, 4.3.0, 4.4.0 4.4.0
193 pyinstrument-cext 0.2.4
194 pyjwt 2.4.0
195 pylint 2.15.5 2.15.5, 2.15.6, 2.15.8
196 pynacl 1.4.0
197 pyopenssl 22.1.0
198 pyparsing 3.0.9 3.0.9 3.0.9
199 pyrsistent 0.18.1, 0.19.2 0.18.1, 0.19.2
200 pytest 7.2.0 7.2.0
201 pytest-aiohttp 1.0.4
202 pytest-asyncio 0.19.0, 0.20.1, 0.20.2
203 pytest-benchmark 4.0.0
204 pytest-cov 4.0.0
205 pytest-docker 1.0.1
206 pytest-forked 1.4.0
207 pytest-icdiff 0.6
208 pytest-instafail 0.4.2
209 pytest-lazy-fixture 0.6.3
210 pytest-localftpserver 1.1.4
211 pytest-mock 3.10.0
212 pytest-runner 6.0.0
213 pytest-sugar 0.9.6
214 pytest-xdist 2.5.0, 3.0.2, 3.1.0
215 python-dateutil 2.8.1, 2.8.2 2.8.1, 2.8.2
216 python-dotenv 0.20.0, 0.21.0 0.20.0, 0.21.0
217 python-engineio 4.3.4
218 python-jose 3.3.0
219 python-magic 0.4.25
220 python-multipart 0.0.5
221 python-socketio 5.7.2
222 pytz 2020.1, 2022.1 2022.6
223 pyyaml 5.4.1, 6.0 5.4.1, 6.0 5.4.1, 6.0
224 pyzmq 22.1.0
225 redis 4.3.1, 4.3.4 4.3.1
226 requests 2.27.1, 2.28.1 2.27.1, 2.28.1
227 responses 0.22.0
228 respx 0.20.0, 0.20.1
229 rfc3986 1.4.0, 1.5.0 1.4.0, 1.5.0
230 rich 12.5.1, 12.6.0
231 rsa 4.9
232 s3fs 2022.5.0
233 s3transfer 0.5.2, 0.6.0 0.5.2, 0.6.0
234 sarif-om 1.0.4
235 semantic-version 2.9.0
236 send2trash 1.7.1
237 setproctitle 1.2.3
238 shellingham 1.5.0
239 simpervisor 0.4
240 six 1.15.0, 1.16.0 1.15.0, 1.16.0
241 sniffio 1.2.0, 1.3.0 1.2.0, 1.3.0
242 sortedcontainers 2.4.0 2.4.0
243 soupsieve 2.3.2
244 sqlalchemy 1.4.37, 1.4.44 1.4.37, 1.4.44
245 sshpubkeys 3.3.1
246 starlette 0.20.4, 0.21.0
247 strict-rfc3339 0.7
248 tblib 1.7.0
249 tenacity 8.0.1, 8.1.0 8.0.1, 8.1.0
250 termcolor 2.1.0, 2.1.1
251 terminado 0.10.1
252 texttable 1.6.3
253 threadloop 1.0.2
254 thrift 0.16.0
255 tinycss2 1.1.1
256 toml 0.10.2 0.10.2
257 tomli 2.0.1 2.0.1 2.0.1
258 tomlkit 0.11.5 0.11.5, 0.11.6
259 toolz 0.11.1, 0.12.0
260 tornado 6.1, 6.2 6.1
261 tqdm 4.64.0, 4.64.1 4.64.1
262 traitlets 5.1.1 5.4.0
263 twilio 7.12.0
264 typer 0.4.1, 0.6.1, 0.7.0 0.7.0 0.7.0
265 types-aiobotocore 2.3.3, 2.4.0.post1
266 types-aiobotocore-ec2 2.4.0.post1
267 types-aiobotocore-s3 2.3.3
268 types-aiofiles 22.1.0.1
269 types-awscrt 0.15.3 0.15.2
270 types-boto3 1.0.2
271 types-pkg-resources 0.1.3
272 types-pyyaml 6.0.12.1
273 types-s3transfer 0.6.0.post4
274 types-toml 0.10.8, 0.10.8.1
275 typing-extensions 4.3.0, 4.4.0 4.3.0, 4.4.0 4.3.0, 4.4.0
276 ujson 5.5.0
277 urllib3 1.26.9, 1.26.11, 1.26.12, 1.26.13 1.26.9, 1.26.11, 1.26.12, 1.26.13
278 uvicorn 0.15.0, 0.17.0, 0.19.0, 0.20.0
279 uvloop 0.16.0, 0.17.0
280 virtualenv 20.16.5, 20.16.6, 20.16.7, 20.17.1
281 watchdog 2.1.5 2.1.9, 2.2.0
282 watchfiles 0.18.0
283 watchgod 0.8.2
284 webencodings 0.5.1
285 websocket-client 0.59.0, 1.4.2 0.59.0, 1.4.1, 1.4.2
286 websockets 10.1, 10.2, 10.3 10.4
287 werkzeug 2.1.2, 2.2.2 2.1.2, 2.2.2
288 wheel 0.37.1, 0.38.2, 0.38.4
289 wrapt 1.14.1 1.14.1 1.14.1
290 xmltodict 0.13.0
291 yarl 1.5.1, 1.7.2, 1.8.1, 1.8.2 1.5.1, 1.7.2, 1.8.1, 1.8.2
292 zict 2.2.0
293 zipp 3.9.0 3.10.0, 3.11.0

@pcrespov added the dependencies, t:maintenance and python labels Dec 14, 2022
@pcrespov added this to the Zefram Cochrane milestone Dec 14, 2022
@pcrespov self-assigned this Dec 14, 2022
@pcrespov changed the title from "updates packages" to "⬆️🔒️ Updates certifi following GHSA-43fp-rhv2-5gv8" Dec 14, 2022

codecov bot commented Dec 14, 2022

Codecov Report

Merging #3682 (deef184) into master (7d5a7e8) will increase coverage by 1.8%.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           master   #3682     +/-   ##
========================================
+ Coverage    81.6%   83.5%   +1.8%     
========================================
  Files         883     883             
  Lines       37398   37398             
  Branches      786     786             
========================================
+ Hits        30548   31258    +710     
+ Misses       6654    5931    -723     
- Partials      196     209     +13     
Flag Coverage Δ
integrationtests 62.7% <ø> (?)
unittests 81.6% <ø> (-0.1%) ⬇️

Impacted Files Coverage Δ
...imcore_service_webserver/garbage_collector_task.py 86.0% <0.0%> (-11.7%) ⬇️
...imcore_service_webserver/garbage_collector_core.py 62.6% <0.0%> (-4.9%) ⬇️
...rvice_webserver/projects/projects_handlers_crud.py 93.1% <0.0%> (+0.4%) ⬆️
...simcore_service_director_v2/modules/dask_client.py 92.8% <0.0%> (+0.5%) ⬆️
...r-v2/src/simcore_service_director_v2/utils/dask.py 89.5% <0.0%> (+1.1%) ⬆️
...core-sdk/src/simcore_sdk/node_data/data_manager.py 81.9% <0.0%> (+1.6%) ⬆️
...rector_v2/modules/comp_scheduler/base_scheduler.py 93.0% <0.0%> (+1.8%) ⬆️
.../simcore_service_director_v2/utils/computations.py 96.0% <0.0%> (+2.0%) ⬆️
.../server/src/simcore_service_webserver/users_api.py 95.1% <0.0%> (+2.0%) ⬆️
...rc/simcore_sdk/node_ports_common/storage_client.py 83.9% <0.0%> (+2.4%) ⬆️
... and 36 more

@pcrespov marked this pull request as ready for review December 14, 2022 17:03
@pcrespov enabled auto-merge (squash) December 14, 2022 20:01

sonarcloud bot commented Dec 15, 2022

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (A)
  • 0 Vulnerabilities (A)
  • 0 Security Hotspots (A)
  • 0 Code Smells (A)
  • No Coverage information
  • 0.0% Duplication

@pcrespov merged commit 2fae099 into ITISFoundation:master Dec 15, 2022
@pcrespov deleted the maintenance/vulnerabilities branch December 16, 2022 14:51