From fa391c3704980870e8816559c1915657925c183e Mon Sep 17 00:00:00 2001 From: Fuhu Xia Date: Fri, 29 Mar 2024 13:36:14 +0000 Subject: [PATCH 1/2] update dependencies, update snyk ignore list --- ckan/.snyk | 34 ---------------------------------- ckan/requirements.txt | 14 +++++++------- 2 files changed, 7 insertions(+), 41 deletions(-) diff --git a/ckan/.snyk b/ckan/.snyk index c24c819b..9638da9d 100644 --- a/ckan/.snyk +++ b/ckan/.snyk @@ -37,34 +37,6 @@ ignore: https://github.com/GSA/data.gov/issues/4303 expires: 2024-03-31T16:20:58.017Z created: 2023-05-08T16:20:58.023Z - SNYK-PYTHON-WERKZEUG-6041510: - - '*': - reason: >- - Upgrade path is complex, Issue tracked in github: - https://github.com/GSA/data.gov/issues/4217 - expires: 2024-03-31T14:44:52.166Z - created: 2023-11-02T14:44:52.170Z - SNYK-PYTHON-CRYPTOGRAPHY-6050294: - - '*': - reason: >- - No remediation available yet; Issue tracked in github: - https://github.com/GSA/data.gov/issues/4532 - expires: 2024-02-08T00:00:00.000Z - created: 2023-11-16T20:31:20.590Z - SNYK-PYTHON-CRYPTOGRAPHY-6126975: - - '*': - reason: >- - No remediation available yet; Issue tracked in github: - https://github.com/GSA/data.gov/issues/4532 - expires: 2024-03-14T00:00:00.000Z - created: 2023-12-14T00:00:00.000Z - SNYK-PYTHON-CRYPTOGRAPHY-6149518: - - '*': - reason: >- - No remediation available yet; Issue tracked in github: - https://github.com/GSA/data.gov/issues/4532 - expires: 2024-04-10T19:28:50.100Z - created: 2024-01-11T19:28:50.103Z SNYK-PYTHON-PYOPENSSL-6149520: - '*': reason: >- @@ -78,10 +50,4 @@ ignore: No remediation available yet; Issue tracked in github: https://github.com/GSA/data.gov/issues/4591 expires: 2024-04-10T19:29:54.032Z - SNYK-PYTHON-CRYPTOGRAPHY-6157248: - - '*': - reason: >- - No remediation available yet; Issue tracked in github: - https://github.com/GSA/data.gov/issues/4590 - expires: 2024-04-10T19:29:54.032Z patch: {} diff --git a/ckan/requirements.txt b/ckan/requirements.txt index 2a7c4541..3bdab4bf 100644 --- a/ckan/requirements.txt +++ b/ckan/requirements.txt @@ -4,8 +4,8 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.69 -botocore==1.34.69 +boto3==1.34.73 +botocore==1.34.73 certifi==2024.2.2 cffi==1.16.0 chardet==5.2.0 @@ -55,14 +55,14 @@ Jinja2==3.1.3 jmespath==1.0.1 json-table-schema==0.2.1 jsonschema==2.4.0 -lxml==5.1.0 +lxml==5.1.1 Mako==1.3.2 Markdown==3.4.1 MarkupSafe==2.1.5 messytables==0.15.2 mypy==1.9.0 mypy-extensions==1.0.0 -newrelic==9.7.1 +newrelic==9.8.0 nose==1.3.7 numpy==1.26.4 oauth2client==4.1.3 @@ -76,8 +76,8 @@ polib==1.1.1 progressbar==2.5 progressbar2==3.53.3 psycopg2==2.9.3 -pyasn1==0.5.1 -pyasn1-modules==0.3.0 +pyasn1==0.6.0 +pyasn1_modules==0.4.0 pycparser==2.21 PyJWT==2.4.0 pyOpenSSL==24.1.0 @@ -121,6 +121,6 @@ Werkzeug==2.0.3 wheel==0.42.0 WTForms==3.1.2 xlrd==2.0.1 -xmlschema==3.1.0 +xmlschema==3.2.0 zope.event==5.0 zope.interface==5.4.0 From 49b419e34eadcec91f809755fb12fe89fe9c6073 Mon Sep 17 00:00:00 2001 From: Fuhu Xia Date: Mon, 1 Apr 2024 17:36:41 -0400 Subject: [PATCH 2/2] ping lxml to 5.1.0 --- ckan/requirements.in | 4 ++++ ckan/requirements.txt | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ckan/requirements.in b/ckan/requirements.in index fc2c213c..39b49cb7 100644 --- a/ckan/requirements.in +++ b/ckan/requirements.in @@ -128,3 +128,7 @@ importlib-resources<6.0 gevent>=23.9.0 jinja2>=3.1.3 cryptography>=42.0.4 + +# lxml beyond 5.1.0 show error module 'lxml.etree' has no attribute '_ElementStringResult' +# as in https://github.com/GSA/data.gov/issues/4681 +lxml==5.1.0 \ No newline at end of file diff --git a/ckan/requirements.txt b/ckan/requirements.txt index 3bdab4bf..78e43969 100644 --- a/ckan/requirements.txt +++ b/ckan/requirements.txt @@ -4,8 +4,8 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.73 -botocore==1.34.73 +boto3==1.34.75 +botocore==1.34.75 certifi==2024.2.2 cffi==1.16.0 chardet==5.2.0 @@ -55,7 +55,7 @@ Jinja2==3.1.3 jmespath==1.0.1 json-table-schema==0.2.1 jsonschema==2.4.0 -lxml==5.1.1 +lxml==5.1.0 Mako==1.3.2 Markdown==3.4.1 MarkupSafe==2.1.5 @@ -78,7 +78,7 @@ progressbar2==3.53.3 psycopg2==2.9.3 pyasn1==0.6.0 pyasn1_modules==0.4.0 -pycparser==2.21 +pycparser==2.22 PyJWT==2.4.0 pyOpenSSL==24.1.0 pyparsing==3.1.2