Security updates (#6531)

* Bump website deps to patched versions * Drop support for python 3.8 * Bump scikit-learn to a patched version * Run urllib3 update on lock files * Bump ipykernel that brings in tornado to devtools * Apply braces patch in frontend-components * Drop python 3.8 from devtools support * Bump dev environment to python >=3.10 to get rid of ullib3 v1 in lock files * Downgrade and pin numpy to 1.x until pandas-ta supports 2.x * Bump runners checkout and cache actions and python version * Fix platform hub integration test * Update dev install script to allow python 3.9 * Bump actions to versions that use node 20 vs node 16 * Bump exchange calendars package to resolve deprecation warnings * Resolve bugs highlighted by the tests (#6538) * Fix FMP currency snapshot model after a security update * fixes * add to the commit * lint --------- Co-authored-by: Danglewood <85772166+deeleeramone@users.noreply.github.com> * Bump finviz * Remove website folder that was added by merge conflict resolution * update test cassettes * biztoc test * fix most of test_charting * bump yfinance * reference.json * Fix some tests * Enable 3.12 support * Have 2 sets of cassettes for 2 versions of urlib3 * Allow 3.12 for sec provider * add json_schema_extra choices to compare groups * sorted choices * test fixing: cassetes * fix charting test * black * headers in sec download zip file * Delete yaml * lint * lint * Record https test_sec_compare_company_facts_fetcher * Record https test_sec_compare_company_facts_fetcher, new params * Record test in 3.9 and 3.10 * Record yfinance tests * Record 310 with us vpn * Record tests individually * record without cache * record without cache --------- Co-authored-by: Danglewood <85772166+deeleeramone@users.noreply.github.com> Co-authored-by: hjoaquim <henriquecjoaquim@gmail.com> Co-authored-by: Igor Radovanovic <74266147+IgorWounds@users.noreply.github.com> Co-authored-by: Diogo Sousa <montezdesousa@gmail.com>
OpenBB-finance · Jul 1, 2024 · c63b3c8 · c63b3c8
1 parent cbd3cb5
commit c63b3c8
Show file tree

Hide file tree

Showing 706 changed files with 1,199,131 additions and 17,693 deletions.
diff --git a/.github/workflows/deploy-pypi-nightly.yml b/.github/workflows/deploy-pypi-nightly.yml
@@ -12,11 +12,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - name: Setup Python 3.9
-        uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - name: Setup Python 3.10
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.9"
+          python-version: "3.10"
 
       - name: Install pypa/build
         run: >-
@@ -29,7 +29,7 @@ jobs:
           sed -i 's/name = ".*"/name = "openbb-nightly"/' openbb_platform/pyproject.toml
           sed -i "3s/version = \"\(.*\)\"/version = \"\1.dev$(date +%Y%m%d%H%M)\"/" openbb_platform/pyproject.toml
 
-      - name: OpenBB Platform - Create the dinamically generated wheel
+      - name: OpenBB Platform - Create the dynamically generated wheel
         run: |
           python -m pip install poetry toml
           python build/pypi/openbb_platform/nightly.py

diff --git a/.github/workflows/deploy-test-pypi.yml b/.github/workflows/deploy-test-pypi.yml
@@ -15,11 +15,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - name: Setup Python 3.9
-        uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - name: Setup Python 3.10
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.9"
+          python-version: "3.10"
 
       - name: Install pypa/build
         run: >-
@@ -55,7 +55,7 @@ jobs:
           sed -i 's/name = ".*"/name = "openbb-nightly"/' openbb_platform/pyproject.toml
           sed -i "3s/version = \"\(.*\)\"/version = \"\1.dev$(date +%Y%m%d%H%M)\"/" openbb_platform/pyproject.toml
 
-      - name: OpenBB Platform - Create the dinamically generated wheel
+      - name: OpenBB Platform - Create the dynamically generated wheel
         run: |
           python -m pip install poetry toml
           python build/pypi/openbb_platform/nightly.py

diff --git a/.github/workflows/general-linting.yml b/.github/workflows/general-linting.yml
@@ -35,10 +35,10 @@ jobs:
       - name: Fetch base branch
         run: git fetch --no-tags --depth=20 origin ${{ github.base_ref }}
 
-      - name: Setup Python 3.9
-        uses: actions/setup-python@v4
+      - name: Setup Python 3.10
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.9"
+          python-version: "3.10"
           architecture: x64
 
       - name: Get changed files in openbb_platform for PR
@@ -48,7 +48,7 @@ jobs:
           echo "diff_files=$(git diff --diff-filter=d --name-only origin/${{ github.base_ref }}...${{ github.head_ref }} | grep -E '^(openbb_platform|cli)/.*\.py$' | grep -v 'openbb_platform/openbb/package' | grep -v 'integration' | grep -v 'tests' | xargs)" >> $GITHUB_ENV
           echo $diff_files
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-linting-${{ hashFiles('**/poetry.lock') }}
@@ -75,7 +75,7 @@ jobs:
     name: Markdown Linting
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         name: Check out the code
       - name: Lint Code Base
         uses: docker://avtodev/markdown-lint:v1
@@ -86,7 +86,7 @@ jobs:
     name: JSON Check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: json-yaml-validate
         id: json-yaml-validate

diff --git a/.github/workflows/test-integration-platform.yml b/.github/workflows/test-integration-platform.yml
@@ -29,14 +29,14 @@ jobs:
         if: always()
 
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Checkout specific ref
         if: github.event_name == 'pull_request'
         run: git fetch origin ${{ github.event.pull_request.head.ref }} && git checkout FETCH_HEAD
 
       - name: Setup Python 3.10
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
           architecture: x64

diff --git a/.github/workflows/test-unit-cli.yml b/.github/workflows/test-unit-cli.yml
@@ -22,18 +22,18 @@ jobs:
             ["3.9", "3.10", "3.11"]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Install Python ${{ matrix.python_version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
             python-version: ${{ matrix.python_version }}
             allow-prereleases: true
             cache: "pip"
 
       - name: Cache pip packages
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('cli/poetry.lock') }}

diff --git a/.github/workflows/test-unit-platform.yml b/.github/workflows/test-unit-platform.yml
@@ -22,18 +22,18 @@ jobs:
             ["3.9", "3.10", "3.11"]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Install Python ${{ matrix.python_version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
             python-version: ${{ matrix.python_version }}
             allow-prereleases: true
             cache: "pip"
 
       - name: Cache pip packages
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('openbb_platform/poetry.lock') }}

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -53,6 +53,7 @@ repos:
         args: ["--ignore-missing-imports", "--scripts-are-modules", "--check-untyped-defs"]
         additional_dependencies: ["types-requests", "types-setuptools"]
         require_serial: true
+        exclude: 'test_.*\.py'
   - repo: https://github.com/kynan/nbstripout
     rev: 0.6.1
     hooks:

diff --git a/.secrets.baseline b/.secrets.baseline
@@ -124,9 +124,22 @@
       "pattern": [
         "example",
         "REPLACE_ME",
+        "PASSWORD",
+        "PASS",
         "my_email",
         "my_password",
-        "my_pat"
+        "my_pat",
+        "fmp",
+        "other_key",
+        "polygon",
+        "fred",
+        "benzinga",
+        "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImRiMjEyZDdhZj",
+        "c2MWI0ZTNlOGNjZGM3OWQ5Zjk4YWM5In0.eyJhY2Nlc3NfdG9rZW4iOiJ0",
+        "b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJ1dWlkIjoidXVpZCIsInV",
+        "zZXJuYW1lIjoidXNlcm5hbWUiLCJlbWFpbCI6ImVtYWlsIiwicHJpbWFyeV9",
+        "1c2FnZSI6InByaW1hcnlfdXNhZ2UifQ.FAtE8-a1a-313Zoa6dREIxGZOHaW9",
+        "-JLZnFzyJ6dlHBZnkjQT2tfaaefxnTdAlSmToQwxGykvuatmI7L0wztPQ"
       ]
     }
   ],

diff --git a/cli/integration/test_integration_obbject_registry.py b/cli/integration/test_integration_obbject_registry.py
@@ -1,6 +1,5 @@
 """Test the obbject registry."""
 
-import pytest
 from openbb_cli.argparse_translator.obbject_registry import Registry
 from openbb_core.app.model.obbject import OBBject