From 94836976646b9f76f8a36de57c7fbf0982607d79 Mon Sep 17 00:00:00 2001 From: amercader Date: Mon, 8 Jul 2024 16:53:58 +0200 Subject: [PATCH 1/6] Bump certifi and requests for security updates --- requirements.in | 6 +++--- requirements.txt | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements.in b/requirements.in index 106759558e6..23ef737c4ff 100644 --- a/requirements.in +++ b/requirements.in @@ -4,7 +4,7 @@ alembic==1.13.1 Babel==2.14.0 bleach==6.1.0 blinker==1.7.0 -certifi>=2023.7.22 +certifi>=2024.7.4 click==8.1.7 dominate==2.9.1 feedgen==1.0.0 @@ -15,6 +15,7 @@ Flask-Session==0.8.0 Flask-WTF==1.2.1 Jinja2==3.1.4 Markdown==3.6 +msgspec==0.18.6 packaging==24.0 passlib==1.7.4 polib==1.2.0 @@ -26,7 +27,7 @@ pysolr==3.9.0 python-dateutil==2.9.0.post0 pytz pyyaml==6.0.1 -requests==2.31.0 +requests==2.32.3 rq==1.16.1 simplejson==3.19.2 SQLAlchemy[mypy]==1.4.52 @@ -36,4 +37,3 @@ tzlocal==5.2 webassets==2.0 Werkzeug[watchdog]==3.0.3 zope.interface==6.2 -msgspec==0.18.6 diff --git a/requirements.txt b/requirements.txt index 029cad8f265..724cbb55e75 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,7 +20,7 @@ blinker==1.7.0 # flask cachelib==0.13.0 # via flask-session -certifi==2024.2.2 +certifi==2024.7.4 # via # -r requirements.in # requests @@ -115,7 +115,7 @@ pyyaml==6.0.1 # via -r requirements.in redis==5.0.4 # via rq -requests==2.31.0 +requests==2.32.3 # via # -r requirements.in # pysolr From 05f8c7877a3b647c08cbb22231d1b0be39b91c3a Mon Sep 17 00:00:00 2001 From: amercader Date: Mon, 8 Jul 2024 17:01:15 +0200 Subject: [PATCH 2/6] Upgrade rest of requirements --- requirements.in | 16 ++++++++-------- requirements.txt | 32 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/requirements.in b/requirements.in index 23ef737c4ff..28f5373baff 100644 --- a/requirements.in +++ b/requirements.in 
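Review bot: The pins refreshed in the requirements.txt hunks (`certifi==2024.7.4`, `requests==2.32.3`) are followed directly by their `# via` comments with no `--hash=` lines, so pip checks only the version string and not the artifact it downloads. Since this file is already generated by pip-compile, compiling with `pip-compile --generate-hashes requirements.in` and installing with `pip install --require-hashes -r requirements.txt` would add the kind of integrity check that the `integrity` fields give package-lock.json. pip's hash-checking mode is all-or-nothing per requirements file, so every entry would need hashes, not only the two bumped here.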
@@ -1,14 +1,14 @@ # The file contains the direct ckan requirements (python3). # Use pip-compile to create a requirements.txt file from this -alembic==1.13.1 -Babel==2.14.0 +alembic==1.13.2 +Babel==2.15.0 bleach==6.1.0 -blinker==1.7.0 +blinker==1.8.2 certifi>=2024.7.4 click==8.1.7 dominate==2.9.1 feedgen==1.0.0 -Flask==3.0.2 +Flask==3.0.3 Flask-Babel==4.0.0 Flask-Login==0.6.3 Flask-Session==0.8.0 @@ -16,7 +16,7 @@ Flask-WTF==1.2.1 Jinja2==3.1.4 Markdown==3.6 msgspec==0.18.6 -packaging==24.0 +packaging==24.1 passlib==1.7.4 polib==1.2.0 psycopg2==2.9.9 @@ -28,12 +28,12 @@ python-dateutil==2.9.0.post0 pytz pyyaml==6.0.1 requests==2.32.3 -rq==1.16.1 +rq==1.16.2 simplejson==3.19.2 SQLAlchemy[mypy]==1.4.52 sqlparse==0.5.0 -typing_extensions==4.10.0 +typing_extensions==4.12.2 tzlocal==5.2 webassets==2.0 Werkzeug[watchdog]==3.0.3 -zope.interface==6.2 +zope.interface==6.4post2 diff --git a/requirements.txt b/requirements.txt index 724cbb55e75..96999a9e39a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,17 +4,17 @@ # # pip-compile requirements.in # -alembic==1.13.1 +alembic==1.13.2 # via -r requirements.in async-timeout==4.0.3 # via redis -babel==2.14.0 +babel==2.15.0 # via # -r requirements.in # flask-babel bleach==6.1.0 # via -r requirements.in -blinker==1.7.0 +blinker==1.8.2 # via # -r requirements.in # flask @@ -35,7 +35,7 @@ dominate==2.9.1 # via -r requirements.in feedgen==1.0.0 # via -r requirements.in -flask==3.0.2 +flask==3.0.3 # via # -r requirements.in # flask-babel @@ -54,7 +54,7 @@ greenlet==3.0.3 # via sqlalchemy idna==3.7 # via requests -importlib-metadata==7.1.0 +importlib-metadata==8.0.0 # via # flask # markdown @@ -67,9 +67,9 @@ jinja2==3.1.4 # -r requirements.in # flask # flask-babel -lxml==5.2.1 +lxml==5.2.2 # via feedgen -mako==1.3.3 +mako==1.3.5 # via alembic markdown==3.6 # via -r requirements.in 
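Review bot: `zope.interface==6.4post2` in the last requirements.in hunk is a non-normalized spelling of the post-release. pip accepts it, and pip-compile writes it as `zope-interface==6.4.post2` in requirements.txt, but tools that compare version strings literally (audit scripts, SBOM diffs) may treat the two as different versions. I would write `zope.interface==6.4.post2` so the direct requirement and the compiled pin match.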
@@ -83,11 +83,11 @@ msgspec==0.18.6 # via # -r requirements.in # flask-session -mypy==1.9.0 +mypy==1.10.1 # via sqlalchemy mypy-extensions==1.0.0 # via mypy -packaging==24.0 +packaging==24.1 # via -r requirements.in passlib==1.7.4 # via -r requirements.in @@ -113,13 +113,13 @@ pytz==2024.1 # flask-babel pyyaml==6.0.1 # via -r requirements.in -redis==5.0.4 +redis==5.0.7 # via rq requests==2.32.3 # via # -r requirements.in # pysolr -rq==1.16.1 +rq==1.16.2 # via -r requirements.in simplejson==3.19.2 # via -r requirements.in @@ -138,7 +138,7 @@ sqlparse==0.5.0 # via -r requirements.in tomli==2.0.1 # via mypy -typing-extensions==4.10.0 +typing-extensions==4.12.2 # via # -r requirements.in # alembic @@ -146,9 +146,9 @@ typing-extensions==4.10.0 # sqlalchemy2-stubs tzlocal==5.2 # via -r requirements.in -urllib3==2.2.1 +urllib3==2.2.2 # via requests -watchdog==4.0.0 +watchdog==4.0.1 # via werkzeug webassets==2.0 # via -r requirements.in @@ -162,9 +162,9 @@ werkzeug[watchdog]==3.0.3 # werkzeug wtforms==3.1.2 # via flask-wtf -zipp==3.18.1 +zipp==3.19.2 # via importlib-metadata -zope-interface==6.2 +zope-interface==6.4.post2 # via -r requirements.in # The following packages are considered to be unsafe in a requirements file: From fc71a26377d5d569131bcaeb7cca38b7a0300dc0 Mon Sep 17 00:00:00 2001 From: amercader Date: Mon, 8 Jul 2024 17:03:54 +0200 Subject: [PATCH 3/6] Upgrade dev requirements --- dev-requirements.txt | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 6226fe0ce88..897e00ae774 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt 
@@ -1,24 +1,24 @@ # These are packages that are required by ckan developers - for running ckan in debug mode, running ckan tests, building the docs and to pip-compile the requirements.in file. -beautifulsoup4==4.12.3 +beautifulsoup4==4.12.4 cookiecutter==2.6.0 coveralls #Let Unpinned - Requires latest coveralls -Faker==24.4.0 +Faker==26.0.0 factory-boy==3.3.0 -flask-debugtoolbar==0.14.1 -freezegun==1.4.0 +flask-debugtoolbar==0.15.1 +freezegun==1.5.1 ipdb==0.13.13 pip-tools==7.4.1 -Pillow==10.3.0 -responses==0.25.0 +Pillow==10.4.0 +responses==0.25.3 sphinx-rtd-theme==2.0.0 -sphinx==7.2.6 +sphinx==7.3.7 toml==0.10.2 towncrier==23.11.0 -pytest==8.1.1 +pytest==8.2.2 pytest-cov==5.0.0 pytest-factoryboy==2.7.0 pytest-freezegun==0.4.2 pytest-rerunfailures==14.0 -pytest-split==0.8.2 +pytest-split==0.9.0 From 644011b43094855085bede7a14656921ffe9f6aa Mon Sep 17 00:00:00 2001 From: amercader Date: Mon, 8 Jul 2024 17:05:41 +0200 Subject: [PATCH 4/6] Bump node packages with security issues --- package-lock.json | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/package-lock.json b/package-lock.json index ed93eef679a..2680c79398a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -629,12 +629,12 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" 
@@ -1520,9 +1520,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "dependencies": { "to-regex-range": "^5.0.1" @@ -4454,12 +4454,12 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "buffer": { @@ -5222,9 +5222,9 @@ } }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "requires": { "to-regex-range": "^5.0.1" From ffc8d00c05cd3a30c7e6a551958a807b341c0cba Mon Sep 17 00:00:00 2001 From: amercader Date: Tue, 9 Jul 2024 13:01:00 +0200 Subject: [PATCH 5/6] Fix beatifulsoup4 version --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 897e00ae774..16ef181806a 100644 --- a/dev-requirements.txt 
+++ b/dev-requirements.txt @@ -1,6 +1,6 @@ # These are packages that are required by ckan developers - for running ckan in debug mode, running ckan tests, building the docs and to pip-compile the requirements.in file. -beautifulsoup4==4.12.4 +beautifulsoup4==4.12.3 cookiecutter==2.6.0 coveralls #Let Unpinned - Requires latest coveralls Faker==26.0.0 From 8c8ade8ac18545e28e146ae29309db974ff9dd20 Mon Sep 17 00:00:00 2001 From: amercader Date: Tue, 9 Jul 2024 14:03:56 +0200 Subject: [PATCH 6/6] responses>0.25.2 doesn't like body in HEAD mocks --- ckanext/resourceproxy/tests/test_proxy.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ckanext/resourceproxy/tests/test_proxy.py b/ckanext/resourceproxy/tests/test_proxy.py index 8e661caf817..a7cf337474e 100644 --- a/ckanext/resourceproxy/tests/test_proxy.py +++ b/ckanext/resourceproxy/tests/test_proxy.py @@ -33,6 +33,7 @@ def initial_data(self, clean_db, with_request_context): def mock_out_urls(self, *args, **kwargs): responses.add(responses.GET, *args, **kwargs) + kwargs.pop("body", None) responses.add(responses.HEAD, *args, **kwargs) @responses.activate
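Review bot: The added `kwargs.pop("body", None)` in `mock_out_urls` has no comment, so the reason for it (responses > 0.25.2 not accepting a body on HEAD mocks) lives only in the commit subject. I would add `# responses > 0.25.2 rejects HEAD mocks that carry a body` above it. It is also worth confirming that no test relied on the HEAD mock deriving `Content-Length` from `body`. If the proxy's size limit is checked against the HEAD response, those tests should pass the length explicitly through `headers=`, otherwise they may now only cover the GET path. The rest of the test class lies outside this hunk.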