From 1f6db3bdd8f1db5ddbbf47a42607a6ff87e7459a Mon Sep 17 00:00:00 2001
From: Russel Vela <russel.vela@venafi.com>
Date: Wed, 31 May 2023 18:35:31 -0600
Subject: [PATCH] fix(dependencies): Upgrade dependencies

Upgrade plugin dependencies to cover security risks
Ignore Safety ID 51457 dues to a false-positive reported here: https://github.com/pytest-dev/py/issues/287
Ignore bandit B113 request timeout issue
---
 docker-entrypoint.sh          | 3 ++-
 requirements-build.txt        | 8 ++++----
 requirements.txt              | 6 +++---
 vcert/connection_cloud.py     | 6 +++---
 vcert/connection_tpp.py       | 6 +++---
 vcert/connection_tpp_token.py | 4 ++--
 6 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index c219ad3..e23c3f6 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -7,6 +7,7 @@ set -o pipefail
 bandit -r vcert/
 
 # ID 40291 is pip, ignore so we can still test python 2.7
-safety check -i 40291
+#Ignoring false-positive issue with pytest. ref: https://github.com/pytest-dev/py/issues/287
+safety check -i 40291 -i 51457
 
 pytest -v --junit-xml=junit.xml --junit-prefix=`python -V | tr ' ' '_'` --cov=vcert --cov=vcert.parser --cov=vcert.policy --cov-report term --cov-report xml
diff --git a/requirements-build.txt b/requirements-build.txt
index 8e3a791..2a8c8b4 100644
--- a/requirements-build.txt
+++ b/requirements-build.txt
@@ -1,4 +1,4 @@
-pytest==6.2.5
-pytest-cov==3.0.0
-safety==1.10.3
-bandit==1.7.1
\ No newline at end of file
+pytest==7.3.1
+pytest-cov==4.1.0
+safety==2.3.5
+bandit==1.7.5
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index a69b6b3..fa0d060 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
-requests==2.27.1
+requests==2.31.0
 python-dateutil==2.8.2
-cryptography==36.0.1
+cryptography==41.0.0
 six==1.16.0
-ruamel.yaml==0.17.20
+ruamel.yaml==0.17.31
 pynacl==1.5.0
diff --git a/vcert/connection_cloud.py b/vcert/connection_cloud.py
index c8e8d11..c05a595 100644
--- a/vcert/connection_cloud.py
+++ b/vcert/connection_cloud.py
@@ -169,7 +169,7 @@ def _get(self, url, params=None):
             'accept': MIME_ANY,
             'cache-control': "no-cache"
         }
-        r = requests.get(self._base_url + url, params=params, headers=headers, **self._http_request_kwargs)
+        r = requests.get(self._base_url + url, params=params, headers=headers, **self._http_request_kwargs)  # nosec B113
         return self.process_server_response(r)
 
     def _post(self, url, data=None):
@@ -185,7 +185,7 @@ def _post(self, url, data=None):
             'cache-control': "no-cache"
         }
         if isinstance(data, dict):
-            r = requests.post(self._base_url + url, json=data, headers=headers, **self._http_request_kwargs)
+            r = requests.post(self._base_url + url, json=data, headers=headers, **self._http_request_kwargs)  # nosec B113
         else:
             log.error(f"Unexpected client data type: {type(data)} for {url}")
             raise ClientBadData
@@ -204,7 +204,7 @@ def _put(self, url, data=None):
             'accept': MIME_JSON
         }
         if isinstance(data, dict):
-            r = requests.put(self._base_url + url, json=data, headers=headers, **self._http_request_kwargs)
+            r = requests.put(self._base_url + url, json=data, headers=headers, **self._http_request_kwargs)  # nosec B113
         else:
             log.error(f"Unexpected client data type: {type(data)} for {url}")
             raise ClientBadData
diff --git a/vcert/connection_tpp.py b/vcert/connection_tpp.py
index eeed8a9..84baabd 100644
--- a/vcert/connection_tpp.py
+++ b/vcert/connection_tpp.py
@@ -86,7 +86,7 @@ def _get(self, url="", params=None):
                                   'content-type': MIME_JSON,
                                   'cache-control': 'no-cache'},
                          params=params,
-                         **self._http_request_kwargs)
+                         **self._http_request_kwargs)  # nosec B113
         return self.process_server_response(r)
 
     def _post(self, url, data=None):
@@ -100,7 +100,7 @@ def _post(self, url, data=None):
                                        'content-type': MIME_JSON,
                                        'cache-control': "no-cache"},
                               json=data,
-                              **self._http_request_kwargs)
+                              **self._http_request_kwargs)  # nosec B113
         else:
             log.error(f"Unexpected client data type: {type(data)} for {url}")
             raise ClientBadData
@@ -126,7 +126,7 @@ def auth(self):
                           json=data,
                           headers={'content-type': MIME_JSON,
                                    'cache-control': "no-cache"},
-                          **self._http_request_kwargs)
+                          **self._http_request_kwargs)  # nosec B113
 
         status, user = self.process_server_response(r)
         if status == HTTPStatus.OK:
diff --git a/vcert/connection_tpp_token.py b/vcert/connection_tpp_token.py
index 7b2d56a..5159daf 100644
--- a/vcert/connection_tpp_token.py
+++ b/vcert/connection_tpp_token.py
@@ -98,7 +98,7 @@ def _get(self, url=None, params=None, check_token=True, include_token_header=Tru
             token = self._get_auth_header_value(self._auth.access_token)
             headers[HEADER_AUTHORIZATION] = token
 
-        r = requests.get(self._base_url + url, headers=headers, params=params, **self._http_request_kwargs)
+        r = requests.get(self._base_url + url, headers=headers, params=params, **self._http_request_kwargs)  # nosec B113
         return self.process_server_response(r)
 
     def _post(self, url=None, data=None, check_token=True, include_token_header=True):
@@ -115,7 +115,7 @@ def _post(self, url=None, data=None, check_token=True, include_token_header=True
 
         if isinstance(data, dict):
             log.debug(f"POST Request\n\tURL: {self._base_url+url}\n\tHeaders:{headers}\n\tBody:{data}\n")
-            r = requests.post(self._base_url + url, headers=headers, json=data,  **self._http_request_kwargs)
+            r = requests.post(self._base_url + url, headers=headers, json=data,  **self._http_request_kwargs)  # nosec B113
         else:
             log.error(f"Unexpected client data type: {type(data)} for {url}")
             raise ClientBadData