Merge pull request #313 from maykinmedia/issue/security-updates

⬆️ [maykinmedia/open-api-framework#93] Security updates
maykinmedia · Jan 16, 2025 · f3aed0d · f3aed0d
2 parents e6a3ea4 + 7fa9317
commit f3aed0d
Show file tree

Hide file tree

Showing 9 changed files with 624 additions and 252 deletions.
diff --git a/.github/workflows/oaf-check.yml b/.github/workflows/oaf-check.yml
@@ -6,15 +6,14 @@ on:
       - master
     tags:
       - '*'
-  pull_request:
   workflow_dispatch:
   schedule:
     - cron: '0 7 * * 1'
 
 
 jobs:
   open-api-workflow-check-oas:
-    uses: maykinmedia/open-api-workflows/.github/workflows/oaf-check.yml@v2
+    uses: maykinmedia/open-api-workflows/.github/workflows/oaf-check.yml@v4
 
     with:
       python-version: '3.11'

diff --git a/bin/compile_dependencies.sh b/bin/compile_dependencies.sh
@@ -1,45 +1,38 @@
-#!/bin/bash
-
+#!/bin/sh
 #
 # Compile the dependencies for production, CI and development.
 #
 # Usage, in the root of the project:
 #
 #     ./bin/compile_dependencies.sh
 #
-# Any extra flags/arguments passed to this wrapper script are passed down to pip-compile.
+# Any extra flags/arguments passed to this wrapper script are passed down to uv pip compile.
 # E.g. to update a package:
 #
 #     ./bin/compile_dependencies.sh --upgrade-package django
-
 set -ex
 
-toplevel=$(git rev-parse --show-toplevel)
+command -v uv || (echo "uv not found on PATH. Install it https://astral.sh/uv" >&2 && exit 1)
 
-cd $toplevel
+root_dir=$(git rev-parse --show-toplevel)
 
-export CUSTOM_COMPILE_COMMAND="./bin/compile_dependencies.sh"
+export UV_CUSTOM_COMPILE_COMMAND="./bin/compile_dependencies.sh"
 
 # Base (& prod) deps
-pip-compile \
-    --no-emit-index-url \
+uv pip compile \
+    --output-file "$root_dir/requirements/base.txt" \
     "$@" \
-    requirements/base.in
+    "$root_dir/requirements/base.in"
 
 # Dependencies for testing
-pip-compile \
-    --no-emit-index-url \
-    --output-file requirements/ci.txt \
+uv pip compile \
+    --output-file "$root_dir/requirements/ci.txt" \
     "$@" \
-    requirements/base.txt \
-    requirements/test-tools.in \
-    requirements/ci.in
+    "$root_dir/requirements/test-tools.in" \
+    "$root_dir/requirements/docs.in"
 
 # Dev depedencies - exact same set as CI + some extra tooling
-pip-compile \
-    --no-emit-index-url \
-    --output-file requirements/dev.txt \
+uv pip compile \
+    --output-file "$root_dir/requirements/dev.txt" \
     "$@" \
-    requirements/base.txt \
-    requirements/test-tools.in \
-    requirements/dev.in
+    "$root_dir/requirements/dev.in"
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -1,9 +1,5 @@
-#
-# This file is autogenerated by pip-compile with Python 3.11
-# by the following command:
-#
+# This file was autogenerated by uv via the following command:
 #    ./bin/compile_dependencies.sh
-#
 amqp==5.2.0
     # via kombu
 annotated-types==0.7.0
@@ -74,7 +70,7 @@ cryptography==43.0.0
     #   mozilla-django-oidc
     #   pyopenssl
     #   webauthn
-django==4.2.15
+django==4.2.17
     # via
     #   commonground-api-common
     #   django-admin-index
@@ -167,7 +163,7 @@ django-solo==2.3.0
     #   mozilla-django-oidc-db
     #   notifications-api-common
     #   zgw-consumers
-django-two-factor-auth[phonenumberslite,webauthn]==1.16.0
+django-two-factor-auth==1.16.0
     # via maykin-2fa
 djangorestframework==3.15.2
     # via
@@ -189,7 +185,7 @@ djangorestframework-inclusions==1.2.0
     # via open-api-framework
 drf-nested-routers==0.94.1
     # via commonground-api-common
-drf-spectacular[sidecar]==0.27.2
+drf-spectacular==0.27.2
     # via open-api-framework
 drf-spectacular-sidecar==2024.7.1
     # via drf-spectacular
@@ -221,7 +217,7 @@ isodate==0.6.1
     # via commonground-api-common
 itypes==1.2.0
     # via coreapi
-jinja2==3.1.4
+jinja2==3.1.5
     # via coreschema
 josepy==1.14.0
     # via mozilla-django-oidc
@@ -237,13 +233,13 @@ maykin-2fa==1.0.1
     # via open-api-framework
 mozilla-django-oidc==4.0.1
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db[setup-configuration]==0.21.1
+mozilla-django-oidc-db==0.21.1
     # via
     #   -r requirements/base.in
     #   open-api-framework
 notifications-api-common==0.3.1
     # via commonground-api-common
-open-api-framework==0.9.1
+open-api-framework==0.9.2
     # via -r requirements/base.in
 orderedmultidict==1.0.1
     # via furl
@@ -267,7 +263,7 @@ pydantic==2.10.2
     #   pydantic-settings
 pydantic-core==2.27.1
     # via pydantic
-pydantic-settings[yaml]==2.6.1
+pydantic-settings==2.6.1
     # via django-setup-configuration
 pyjwt==2.9.0
     # via
@@ -334,7 +330,7 @@ six==1.16.0
     #   python-dateutil
 sqlparse==0.5.1
     # via django
-tornado==6.4.1
+tornado==6.4.2
     # via flower
 typing-extensions==4.12.2
     # via

diff --git a/requirements/ci.in b/requirements/ci.in