From 3ccedfa3696eb5f79d481051d8fca5380ff8b801 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Zimmermann?= <101292599+ekneg54@users.noreply.github.com> Date: Wed, 7 Feb 2024 15:16:27 +0100 Subject: [PATCH] Prepare release 10.0.0 (#521) * update changed-files action * update requirements * update changelog --- .github/workflows/ci.yml | 2 +- .github/workflows/main.yml | 2 +- CHANGELOG.md | 11 +++ requirements.in | 4 +- requirements.txt | 90 ++++++++++---------- requirements_dev.txt | 170 ++++++++++++++++++------------------- 6 files changed, 144 insertions(+), 135 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index da67a0172..2373a3657 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -133,7 +133,7 @@ jobs: - name: Get changed python files id: changed-files - uses: tj-actions/changed-files@v18.7 + uses: tj-actions/changed-files@v41 with: files: | **/*.py diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6d3cdeb49..799239ba3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -102,7 +102,7 @@ jobs: - name: Get changed python files id: changed-files - uses: tj-actions/changed-files@v18.7 + uses: tj-actions/changed-files@v41 with: files: | **/*.py diff --git a/CHANGELOG.md b/CHANGELOG.md index 871c7ebe4..cde4b630d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,16 @@ ## next release ### Breaking +### Features + +### Improvements + +### Bugfix + + +## v10.0.0 +### Breaking + * reimplement the logprep CLI, see `logprep --help` for more information. * remove feature to reload configuration by sending signal `SIGUSR1` * remove feature to validate rules because it is already included in `logprep test config` @@ -29,6 +39,7 @@ * rewrite Runner * delete MultiProcessingPipeline class to simplify multiprocesing * add FDA to the quickstart setup +* bump versions for `fastapi` and `aiohttp` to address CVEs ### Bugfix diff --git a/requirements.in b/requirements.in index 22226ba3f..24e9871cf 100644 --- a/requirements.in +++ b/requirements.in @@ -1,11 +1,11 @@ -aiohttp>=3.8.5 # CVE-2023-37276 +aiohttp>=3.9.2 # CVE-2024-23334 attrs certifi>=2023.7.22 # CVE-2023-37920 ciso8601 # fastest iso8601 datetime parser. can be removed after dropping support for python < 3.11 colorama confluent-kafka>2 elasticsearch>=7,<8 -fastapi +fastapi>=0.109.1 # CVE-2024-24762 geoip2 hyperscan>=0.4.0; sys_platform == 'linux' and platform_machine == 'x86_64' jsonref diff --git a/requirements.txt b/requirements.txt index b15c8426e..efc00c535 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,11 +2,11 @@ # This file is autogenerated by pip-compile with Python 3.11 # by the following command: # -# pip-compile ./requirements.in +# pip-compile requirements.in # -aiohttp==3.9.1 +aiohttp==3.9.3 # via - # -r ./requirements.in + # -r requirements.in # geoip2 aiosignal==1.3.1 # via aiohttp @@ -15,41 +15,41 @@ annotated-types==0.6.0 anyio==4.2.0 # via starlette arrow==1.3.0 - # via -r ./requirements.in + # via -r requirements.in attrs==23.2.0 # via - # -r ./requirements.in + # -r requirements.in # aiohttp boto3==1.34.27 - # via -r ./requirements.in + # via -r requirements.in botocore==1.34.27 # via # boto3 # s3transfer certifi==2023.11.17 # via - # -r ./requirements.in + # -r requirements.in # elasticsearch # opensearch-py # requests charset-normalizer==3.3.2 # via requests ciso8601==2.3.1 - # via -r ./requirements.in + # via -r requirements.in click==8.1.7 # via - # -r ./requirements.in + # -r requirements.in # uvicorn colorama==0.4.6 - # via -r ./requirements.in + # via -r requirements.in confluent-kafka==2.3.0 - # via -r ./requirements.in + # via -r requirements.in deepdiff==6.7.1 - # via -r ./requirements.in + # via -r requirements.in elasticsearch==7.17.9 - # via -r ./requirements.in -fastapi==0.109.0 - # via -r ./requirements.in + # via -r requirements.in +fastapi==0.109.1 + # via -r requirements.in filelock==3.13.1 # via # tldextract @@ -59,11 +59,11 @@ frozenlist==1.4.1 # aiohttp # aiosignal geoip2==4.8.0 - # via -r ./requirements.in + # via -r requirements.in h11==0.14.0 # via uvicorn hyperscan==0.6.0 ; sys_platform == "linux" and platform_machine == "x86_64" - # via -r ./requirements.in + # via -r requirements.in idna==3.6 # via # anyio @@ -77,56 +77,56 @@ jmespath==1.0.1 # botocore joblib==1.3.2 # via - # -r ./requirements.in + # -r requirements.in # scikit-learn jsonref==1.1.0 - # via -r ./requirements.in + # via -r requirements.in luqum==0.13.0 - # via -r ./requirements.in + # via -r requirements.in maxminddb==2.5.2 # via geoip2 msgspec==0.18.6 - # via -r ./requirements.in + # via -r requirements.in multidict==6.0.4 # via # aiohttp # yarl mysql-connector-python==8.3.0 - # via -r ./requirements.in + # via -r requirements.in ndjson==0.3.1 - # via -r ./requirements.in + # via -r requirements.in numpy==1.26.3 # via - # -r ./requirements.in + # -r requirements.in # pandas # scikit-learn # scipy opensearch-py==2.4.2 - # via -r ./requirements.in + # via -r requirements.in ordered-set==4.1.0 # via deepdiff pandas==2.2.0 - # via -r ./requirements.in + # via -r requirements.in platformdirs==4.1.0 # via urlextract ply==3.11 # via luqum prometheus-client==0.19.0 - # via -r ./requirements.in + # via -r requirements.in protobuf==4.25.2 - # via -r ./requirements.in + # via -r requirements.in pycryptodome==3.20.0 - # via -r ./requirements.in + # via -r requirements.in pydantic==2.5.3 # via - # -r ./requirements.in + # -r requirements.in # fastapi pydantic-core==2.14.6 # via pydantic pygrok==1.0.0 - # via -r ./requirements.in + # via -r requirements.in pyparsing==3.1.1 - # via -r ./requirements.in + # via -r requirements.in python-dateutil==2.8.2 # via # arrow @@ -135,15 +135,15 @@ python-dateutil==2.8.2 # pandas pytz==2023.3.post1 # via - # -r ./requirements.in + # -r requirements.in # pandas pyyaml==6.0.1 - # via -r ./requirements.in + # via -r requirements.in regex==2023.12.25 # via pygrok requests==2.31.0 # via - # -r ./requirements.in + # -r requirements.in # geoip2 # opensearch-py # requests-file @@ -151,18 +151,18 @@ requests==2.31.0 requests-file==1.5.1 # via tldextract ruamel-yaml==0.18.5 - # via -r ./requirements.in + # via -r requirements.in ruamel-yaml-clib==0.2.8 # via ruamel-yaml s3transfer==0.10.0 # via boto3 schedule==1.2.1 - # via -r ./requirements.in + # via -r requirements.in scikit-learn==1.4.0 - # via -r ./requirements.in + # via -r requirements.in scipy==1.12.0 # via - # -r ./requirements.in + # -r requirements.in # scikit-learn six==1.16.0 # via @@ -174,11 +174,11 @@ sniffio==1.3.0 starlette==0.35.1 # via fastapi tabulate==0.9.0 - # via -r ./requirements.in + # via -r requirements.in threadpoolctl==3.2.0 # via scikit-learn tldextract==5.1.1 - # via -r ./requirements.in + # via -r requirements.in types-python-dateutil==2.8.19.20240106 # via arrow typing-extensions==4.9.0 @@ -191,18 +191,18 @@ tzdata==2023.4 uritools==4.0.2 # via urlextract urlextract==1.8.0 - # via -r ./requirements.in + # via -r requirements.in urllib3==1.26.18 # via - # -r ./requirements.in + # -r requirements.in # botocore # elasticsearch # opensearch-py # requests uvicorn==0.27.0 - # via -r ./requirements.in + # via -r requirements.in wheel==0.42.0 - # via -r ./requirements.in + # via -r requirements.in yarl==1.9.4 # via aiohttp diff --git a/requirements_dev.txt b/requirements_dev.txt index db634812c..0678c09a1 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -2,45 +2,45 @@ # This file is autogenerated by pip-compile with Python 3.11 # by the following command: # -# pip-compile ./requirements_dev.in +# pip-compile requirements_dev.in # -aiohttp==3.9.1 +aiohttp==3.9.3 # via - # -r ./requirements.txt + # -r requirements.txt # geoip2 aiosignal==1.3.1 # via - # -r ./requirements.txt + # -r requirements.txt # aiohttp annotated-types==0.6.0 # via - # -r ./requirements.txt + # -r requirements.txt # pydantic anyio==4.2.0 # via - # -r ./requirements.txt + # -r requirements.txt # httpx # starlette arrow==1.3.0 - # via -r ./requirements.txt + # via -r requirements.txt astroid==3.0.2 # via pylint attrs==23.2.0 # via - # -r ./requirements.txt + # -r requirements.txt # aiohttp black==23.12.1 - # via -r ./requirements_dev.in + # via -r requirements_dev.in boto3==1.34.27 - # via -r ./requirements.txt + # via -r requirements.txt botocore==1.34.27 # via - # -r ./requirements.txt + # -r requirements.txt # boto3 # s3transfer certifi==2023.11.17 # via - # -r ./requirements.txt + # -r requirements.txt # elasticsearch # httpcore # httpx @@ -48,57 +48,55 @@ certifi==2023.11.17 # requests charset-normalizer==3.3.2 # via - # -r ./requirements.txt + # -r requirements.txt # requests ciso8601==2.3.1 - # via -r ./requirements.txt + # via -r requirements.txt click==8.1.7 # via - # -r ./requirements.txt + # -r requirements.txt # black # uvicorn colorama==0.4.6 - # via -r ./requirements.txt + # via -r requirements.txt confluent-kafka==2.3.0 - # via -r ./requirements.txt + # via -r requirements.txt coverage[toml]==7.4.0 - # via - # coverage - # pytest-cov + # via pytest-cov deepdiff==6.7.1 - # via -r ./requirements.txt + # via -r requirements.txt dill==0.3.7 # via pylint elasticsearch==7.17.9 - # via -r ./requirements.txt -fastapi==0.109.0 - # via -r ./requirements.txt + # via -r requirements.txt +fastapi==0.109.1 + # via -r requirements.txt filelock==3.13.1 # via - # -r ./requirements.txt + # -r requirements.txt # tldextract # urlextract frozenlist==1.4.1 # via - # -r ./requirements.txt + # -r requirements.txt # aiohttp # aiosignal geoip2==4.8.0 - # via -r ./requirements.txt + # via -r requirements.txt h11==0.14.0 # via - # -r ./requirements.txt + # -r requirements.txt # httpcore # uvicorn httpcore==1.0.2 # via httpx httpx==0.26.0 - # via -r ./requirements_dev.in + # via -r requirements_dev.in hyperscan==0.6.0 ; sys_platform == "linux" and platform_machine == "x86_64" - # via -r ./requirements.txt + # via -r requirements.txt idna==3.6 # via - # -r ./requirements.txt + # -r requirements.txt # anyio # httpx # requests @@ -109,67 +107,67 @@ iniconfig==2.0.0 # via pytest isort==5.13.2 # via - # -r ./requirements_dev.in + # -r requirements_dev.in # pylint jinja2==3.1.3 - # via -r ./requirements_dev.in + # via -r requirements_dev.in jmespath==1.0.1 # via - # -r ./requirements.txt + # -r requirements.txt # boto3 # botocore joblib==1.3.2 # via - # -r ./requirements.txt + # -r requirements.txt # scikit-learn jsonref==1.1.0 - # via -r ./requirements.txt + # via -r requirements.txt luqum==0.13.0 - # via -r ./requirements.txt + # via -r requirements.txt markupsafe==2.1.4 # via jinja2 maxminddb==2.5.2 # via - # -r ./requirements.txt + # -r requirements.txt # geoip2 mccabe==0.7.0 # via pylint msgspec==0.18.6 - # via -r ./requirements.txt + # via -r requirements.txt multidict==6.0.4 # via - # -r ./requirements.txt + # -r requirements.txt # aiohttp # yarl mypy-extensions==1.0.0 # via black mysql-connector-python==8.3.0 - # via -r ./requirements.txt + # via -r requirements.txt ndjson==0.3.1 - # via -r ./requirements.txt + # via -r requirements.txt numpy==1.26.3 # via - # -r ./requirements.txt + # -r requirements.txt # pandas # scikit-learn # scipy opensearch-py==2.4.2 - # via -r ./requirements.txt + # via -r requirements.txt ordered-set==4.1.0 # via - # -r ./requirements.txt + # -r requirements.txt # deepdiff packaging==23.2 # via # black # pytest pandas==2.2.0 - # via -r ./requirements.txt + # via -r requirements.txt pathspec==0.12.1 # via black platformdirs==4.1.0 # via - # -r ./requirements.txt + # -r requirements.txt # black # pylint # urlextract @@ -177,56 +175,56 @@ pluggy==1.4.0 # via pytest ply==3.11 # via - # -r ./requirements.txt + # -r requirements.txt # luqum prometheus-client==0.19.0 - # via -r ./requirements.txt + # via -r requirements.txt protobuf==4.25.2 - # via -r ./requirements.txt + # via -r requirements.txt pycryptodome==3.20.0 - # via -r ./requirements.txt + # via -r requirements.txt pydantic==2.5.3 # via - # -r ./requirements.txt + # -r requirements.txt # fastapi pydantic-core==2.14.6 # via - # -r ./requirements.txt + # -r requirements.txt # pydantic pygrok==1.0.0 - # via -r ./requirements.txt + # via -r requirements.txt pylint==3.0.3 - # via -r ./requirements_dev.in + # via -r requirements_dev.in pyparsing==3.1.1 - # via -r ./requirements.txt + # via -r requirements.txt pytest==7.4.4 # via - # -r ./requirements_dev.in + # -r requirements_dev.in # pytest-cov pytest-cov==4.1.0 - # via -r ./requirements_dev.in + # via -r requirements_dev.in python-dateutil==2.8.2 # via - # -r ./requirements.txt + # -r requirements.txt # arrow # botocore # opensearch-py # pandas pytz==2023.3.post1 # via - # -r ./requirements.txt + # -r requirements.txt # pandas pyyaml==6.0.1 # via - # -r ./requirements.txt + # -r requirements.txt # responses regex==2023.12.25 # via - # -r ./requirements.txt + # -r requirements.txt # pygrok requests==2.31.0 # via - # -r ./requirements.txt + # -r requirements.txt # geoip2 # opensearch-py # requests-file @@ -234,88 +232,88 @@ requests==2.31.0 # tldextract requests-file==1.5.1 # via - # -r ./requirements.txt + # -r requirements.txt # tldextract responses==0.24.1 - # via -r ./requirements_dev.in + # via -r requirements_dev.in ruamel-yaml==0.18.5 - # via -r ./requirements.txt + # via -r requirements.txt ruamel-yaml-clib==0.2.8 # via - # -r ./requirements.txt + # -r requirements.txt # ruamel-yaml s3transfer==0.10.0 # via - # -r ./requirements.txt + # -r requirements.txt # boto3 schedule==1.2.1 - # via -r ./requirements.txt + # via -r requirements.txt scikit-learn==1.4.0 - # via -r ./requirements.txt + # via -r requirements.txt scipy==1.12.0 # via - # -r ./requirements.txt + # -r requirements.txt # scikit-learn six==1.16.0 # via - # -r ./requirements.txt + # -r requirements.txt # opensearch-py # python-dateutil # requests-file sniffio==1.3.0 # via - # -r ./requirements.txt + # -r requirements.txt # anyio # httpx starlette==0.35.1 # via - # -r ./requirements.txt + # -r requirements.txt # fastapi tabulate==0.9.0 - # via -r ./requirements.txt + # via -r requirements.txt threadpoolctl==3.2.0 # via - # -r ./requirements.txt + # -r requirements.txt # scikit-learn tldextract==5.1.1 - # via -r ./requirements.txt + # via -r requirements.txt tomlkit==0.12.3 # via pylint types-python-dateutil==2.8.19.20240106 # via - # -r ./requirements.txt + # -r requirements.txt # arrow typing-extensions==4.9.0 # via - # -r ./requirements.txt + # -r requirements.txt # fastapi # pydantic # pydantic-core tzdata==2023.4 # via - # -r ./requirements.txt + # -r requirements.txt # pandas uritools==4.0.2 # via - # -r ./requirements.txt + # -r requirements.txt # urlextract urlextract==1.8.0 - # via -r ./requirements.txt + # via -r requirements.txt urllib3==1.26.18 # via - # -r ./requirements.txt + # -r requirements.txt # botocore # elasticsearch # opensearch-py # requests # responses uvicorn==0.27.0 - # via -r ./requirements.txt + # via -r requirements.txt wheel==0.42.0 - # via -r ./requirements.txt + # via -r requirements.txt yarl==1.9.4 # via - # -r ./requirements.txt + # -r requirements.txt # aiohttp # The following packages are considered to be unsafe in a requirements file: