Fix security vulnerabilities flagged by mend (#940)

* fix security vulnerbilities flagged by mend

Signed-off-by: cching95 <chloe.ching@shell.com>

* update packages

Signed-off-by: cching95 <chloe.ching@shell.com>

* updates to packages fixes

Signed-off-by: cching95 <chloe.ching@shell.com>

---------

Signed-off-by: cching95 <chloe.ching@shell.com>

Author: cching95

environment.yml

@@ -29,13 +29,13 @@ dependencies:
     - numpy>=1.23.4,<2.0.0
     - oauthlib>=3.2.2,<4.0.0
     - cryptography>=38.0.3
-    - azure-identity>=1.20.0,<2.0.0
+    - azure-identity>=1.25.1,<2.0.0
     - azure-storage-file-datalake>=12.12.0,<13.0.0
     - azure-keyvault-secrets>=4.7.0,<5.0.0
     - azure-mgmt-storage>=21.0.0
     - boto3>=1.28.2,<2.0.0
     - pyodbc>=5.2.0,<6.0.0
-    - fastapi>=0.122.0,<1.0.0
+    - fastapi>=0.121.0,<1.0.0
     - starlette>=0.49.1,<1.0.0
     - httpx>=0.24.1,<1.0.0
     - pyspark>=3.3.0,<3.6.0
@@ -53,12 +53,12 @@ dependencies:
     - mkdocs-macros-plugin==1.0.1
     - mkdocs-autorefs>=1.0.0,<1.1.0
     - pygments==2.16.1
-    - pymdown-extensions==10.8.1
+    - pymdown-extensions==10.20
     - databricks-sql-connector>=3.6.0,<3.7.0
     - semver>=3.0.0,<4.0.0
     - xlrd>=2.0.1
     - pygithub>=1.59.0
-    - pydantic>=2.10.0,<3.0.0
+    - pydantic>=2.10.1,<3.0.0
     - pyjwt>=2.10.1,<3.0.0
     - twine==4.0.2
     - delta-sharing-python>=1.0.0,<2.0.0

setup.py

@@ -30,7 +30,7 @@
 INSTALL_REQUIRES = [
     "databricks-sql-connector>=3.6.0,<3.7.0",
     "pyarrow>=14.0.1,<17.0.0",
-    "azure-identity>=1.20.0,<2.0.0",
+    "azure-identity>=1.25.1,<2.0.0",
     "pandas>=2.0.1,<2.3.0",
     "jinja2>=3.1.6,<4.0.0",
     "importlib_metadata>=7.0.0,<9.0.0",
@@ -39,9 +39,10 @@
     "grpcio>=1.48.1,<1.63.0",
     "grpcio-status>=1.48.1,<1.63.0",
     "googleapis-common-protos>=1.56.4",
-    "pydantic>=2.10.0,<3.0.0",
+    "pydantic>=2.10.1,<3.0.0",
     "protobuf>=5.29.0,<5.30.0",
-    "urllib3>=2.6.0,<3.0.0",
+    "urllib3>=2.6.3,<3.0.0",
+    "werkzeug>=3.1.5,<4.0.0",
 ]
 
 PYSPARK_PACKAGES = [

src/api/requirements.txt

@@ -1,18 +1,19 @@
 # Do not include azure-functions-worker as it may conflict with the Azure Functions platform
 azure-functions==1.20.0
-fastapi==0.122.0
+fastapi==0.121.0
 starlette==0.49.1
-pydantic==2.10.0
+pydantic==2.10.1
 # turbodbc==4.11.0
 pyodbc==5.2.0
 importlib_metadata>=7.0.0,<9.0.0
 databricks-sql-connector==3.6.0
-azure-identity==1.20.0
+azure-identity==1.25.1
 oauthlib>=3.2.2
 pandas>=2.0.1,<2.3.0
 numpy==1.26.4
 pyarrow>=14.0.1,<17.0.0
-urllib3>=2.6.0,<3.0.0
+urllib3>=2.6.3,<3.0.0
+werkzeug>=3.1.5,<4.0.0
 jinja2==3.1.6
 pytz==2024.2
 semver==3.0.2