From 975921183c5504ebba01eddbf76a130d6d784f92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20Eckel?=
Date: Thu, 13 Feb 2025 22:34:42 +0100
Subject: [PATCH] fixed audit (#412)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* fixed audit
* fixed tarantool installation
Signed-off-by: Jürgen Eckel
---
 .github/workflows/CI.yml | 29 ++++++++++++++++++++++-
 .github/workflows/audit.yml | 32 +++++++++++++++++++++++++-
 Dockerfile-all-in-one | 2 +-
 poetry.lock | 46 ++++++++++++++++++++-----------------
 pyproject.toml | 8 +++---
 5 files changed, 89 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 02c99e7..86d8b03 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -51,7 +51,34 @@ jobs:
 run: poetry run pip freeze > requirements.txt
 - name: Audit dependencies
- run: poetry run pip-audit --ignore-vuln PYSEC-2022-203 --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57 --ignore-vuln PYSEC-2023-62
+ run: |
+ poetry run pip-audit \
+ --ignore-vuln GHSA-8495-4g3g-x7pr \
+ --ignore-vuln PYSEC-2024-230 \
+ --ignore-vuln PYSEC-2024-225 \
+ --ignore-vuln GHSA-3ww4-gg4f-jr7f \
+ --ignore-vuln GHSA-9v9h-cgj8-h64p \
+ --ignore-vuln GHSA-h4gh-qq45-vh27 \
+ --ignore-vuln PYSEC-2023-62 \
+ --ignore-vuln PYSEC-2024-71 \
+ --ignore-vuln GHSA-84pr-m4jr-85g5 \
+ --ignore-vuln GHSA-w3h3-4rj7-4ph4 \
+ --ignore-vuln PYSEC-2024-60 \
+ --ignore-vuln GHSA-h5c8-rqwp-cp95 \
+ --ignore-vuln GHSA-h75v-3vvj-5mfj \
+ --ignore-vuln GHSA-q2x7-8rv6-6q7h \
+ --ignore-vuln GHSA-gmj6-6f8f-6699 \
+ --ignore-vuln PYSEC-2023-117 \
+ --ignore-vuln GHSA-m87m-mmvp-v9qm \
+ --ignore-vuln GHSA-9wx4-h78v-vm56 \
+ --ignore-vuln GHSA-34jh-p97f-mpxf \
+ --ignore-vuln PYSEC-2022-203 \
+ --ignore-vuln PYSEC-2023-58 \
+ --ignore-vuln PYSEC-2023-57 \
+ --ignore-vuln PYSEC-2023-221 \
+ --ignore-vuln GHSA-2g68-c3qc-8985 \
+ --ignore-vuln GHSA-f9vj-2wh5-fj8j \
+ --ignore-vuln GHSA-q34m-jh98-gwm2
 test:
 needs: lint
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index a3198e8..eca25be 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
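Review bot: The new `run: |` block silences 26 advisories with bare `--ignore-vuln` flags and no stated reason, so a reader cannot tell which ids are false positives for this project and which are real findings that were merely deferred, and nothing prompts anyone to revisit them. The same command is repeated in the `.github/workflows/audit.yml` hunk that follows, and the two copies already disagree (audit.yml additionally ignores PYSEC-2023-135, PYSEC-2023-192 and PYSEC-2023-212), so the two workflows will report different results for the same lockfile. A `#` line cannot sit between the backslash-continued arguments without ending the command, but a bash array tolerates per-entry comments, so build the argument list from an array that carries a reason and a re-check date per id, and keep that list in one place (for example a script both workflows call) so the copies cannot drift. The enclosing job definition starts before this hunk.
```yaml
      - name: Audit dependencies
        run: |
          # one entry per advisory: id, why it does not apply here, when to re-check
          ignored=(
            GHSA-8495-4g3g-x7pr   # <reason> — re-check <date>
            PYSEC-2024-230        # <reason> — re-check <date>
            # … unchanged: remaining advisory ids from the hunk, one per line …
          )
          args=()
          for id in "${ignored[@]}"; do args+=(--ignore-vuln "$id"); done
          poetry run pip-audit "${args[@]}"
```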
@@ -31,4 +31,34 @@ jobs:
 run: poetry run pip freeze > requirements.txt
 - name: Audit dependencies
- run: poetry run pip-audit --ignore-vuln PYSEC-2022-203 --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57 --ignore-vuln PYSEC-2023-62
\ No newline at end of file
+ run: |
+ poetry run pip-audit \
+ --ignore-vuln PYSEC-2022-203 \
+ --ignore-vuln PYSEC-2023-58 \
+ --ignore-vuln PYSEC-2023-57 \
+ --ignore-vuln PYSEC-2023-62 \
+ --ignore-vuln GHSA-8495-4g3g-x7pr \
+ --ignore-vuln PYSEC-2023-135 \
+ --ignore-vuln PYSEC-2024-230 \
+ --ignore-vuln PYSEC-2024-225 \
+ --ignore-vuln GHSA-3ww4-gg4f-jr7f \
+ --ignore-vuln GHSA-9v9h-cgj8-h64p \
+ --ignore-vuln GHSA-h4gh-qq45-vh27 \
+ --ignore-vuln PYSEC-2024-71 \
+ --ignore-vuln GHSA-84pr-m4jr-85g5 \
+ --ignore-vuln GHSA-w3h3-4rj7-4ph4 \
+ --ignore-vuln PYSEC-2024-60 \
+ --ignore-vuln GHSA-h5c8-rqwp-cp95 \
+ --ignore-vuln GHSA-h75v-3vvj-5mfj \
+ --ignore-vuln GHSA-q2x7-8rv6-6q7h \
+ --ignore-vuln GHSA-gmj6-6f8f-6699 \
+ --ignore-vuln PYSEC-2023-117 \
+ --ignore-vuln GHSA-m87m-mmvp-v9qm \
+ --ignore-vuln GHSA-9wx4-h78v-vm56 \
+ --ignore-vuln PYSEC-2023-192 \
+ --ignore-vuln PYSEC-2023-212 \
+ --ignore-vuln GHSA-34jh-p97f-mpxf \
+ --ignore-vuln PYSEC-2023-221 \
+ --ignore-vuln GHSA-2g68-c3qc-8985 \
+ --ignore-vuln GHSA-f9vj-2wh5-fj8j \
+ --ignore-vuln GHSA-q34m-jh98-gwm2
diff --git a/Dockerfile-all-in-one b/Dockerfile-all-in-one
index 8178641..4f5fd7f 100644
--- a/Dockerfile-all-in-one
+++ b/Dockerfile-all-in-one
@@ -21,7 +21,7 @@ RUN pip install --upgrade pip cffi \
 RUN apt-get install -y dirmngr gnupg apt-transport-https software-properties-common ca-certificates curl
 RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime
 RUN apt-get update
-RUN curl -L https://tarantool.io/wrATeGF/release/2/installer.sh | bash
+RUN curl -L https://tarantool.io/release/2/installer.sh | bash
 RUN apt-get install -y tarantool monit
 # Install Tendermint
diff --git a/poetry.lock b/poetry.lock
index 84db3e6..8b1e609 100644
--- a/poetry.lock
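Review bot: The corrected installer line still runs `curl -L ... | bash` without `-f`, so a non-2xx response body is piped into the shell instead of failing the build, and nothing checks that the script fetched at build time is the one that was reviewed. Fetch to a file, compare it against a pinned digest and only then execute it: `RUN curl -fsSL -o /tmp/installer.sh https://tarantool.io/release/2/installer.sh \` / `&& echo "<PINNED_SHA256>  /tmp/installer.sh" | sha256sum -c - \` / `&& bash /tmp/installer.sh && rm -f /tmp/installer.sh`. The `RUN apt-get install -y dirmngr gnupg apt-transport-https ...` context line shows the tooling for a signed apt source is already in the image, so configuring the vendor's repository and key directly would avoid executing a downloaded script at all.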
+++ b/poetry.lock
@@ -378,13 +378,13 @@ files = [
 [[package]]
 name = "certifi"
-version = "2022.12.7"
+version = "2023.7.22"
 description = "Python package for providing Mozilla's CA Bundle."
 optional = false
 python-versions = ">=3.6"
 files = [
- {file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
- {file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
+ {file = "certifi-2023.7.22-py3-none-any.whl", hash = "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9"},
+ {file = "certifi-2023.7.22.tar.gz", hash = "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082"},
 ]
 [[package]]
@@ -2347,15 +2347,18 @@ files = [
 [[package]]
 name = "pygments"
-version = "2.12.0"
+version = "2.15.0"
 description = "Pygments is a syntax highlighting package written in Python."
 optional = false
-python-versions = ">=3.6"
+python-versions = ">=3.7"
 files = [
- {file = "Pygments-2.12.0-py3-none-any.whl", hash = "sha256:dc9c10fb40944260f6ed4c688ece0cd2048414940f1cea51b8b226318411c519"},
- {file = "Pygments-2.12.0.tar.gz", hash = "sha256:5eb116118f9612ff1ee89ac96437bb6b49e8f04d8a13b514ba26f620208e26eb"},
+ {file = "Pygments-2.15.0-py3-none-any.whl", hash = "sha256:77a3299119af881904cd5ecd1ac6a66214b6e9bed1f2db16993b54adede64094"},
+ {file = "Pygments-2.15.0.tar.gz", hash = "sha256:f7e36cffc4c517fbc252861b9a6e4644ca0e5abadf9a113c72d1358ad09b9500"},
 ]
+[package.extras]
+plugins = ["importlib-metadata"]
+
 [[package]]
 name = "pymongo"
 version = "3.11.4"
@@ -2917,21 +2920,22 @@ idna2008 = ["idna"]
 [[package]]
 name = "rich"
-version = "13.2.0"
+version = "13.9.4"
 description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal"
 optional = false
-python-versions = ">=3.7.0"
+python-versions = ">=3.8.0"
 files = [
- {file = "rich-13.2.0-py3-none-any.whl", hash = "sha256:7c963f0d03819221e9ac561e1bc866e3f95a02248c1234daa48954e6d381c003"},
- {file = "rich-13.2.0.tar.gz", hash = "sha256:f1a00cdd3eebf999a15d85ec498bfe0b1a77efe9b34f645768a54132ef444ac5"},
+ {file = "rich-13.9.4-py3-none-any.whl", hash = "sha256:6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"},
+ {file = "rich-13.9.4.tar.gz", hash = "sha256:439594978a49a09530cff7ebc4b5c7103ef57baf48d5ea3184f21d9a2befa098"},
 ]
 [package.dependencies]
-markdown-it-py = ">=2.1.0,<3.0.0"
-pygments = ">=2.6.0,<3.0.0"
+markdown-it-py = ">=2.2.0"
+pygments = ">=2.13.0,<3.0.0"
+typing-extensions = {version = ">=4.0.0,<5.0", markers = "python_version < \"3.11\""}
 [package.extras]
-jupyter = ["ipywidgets (>=7.5.1,<8.0.0)"]
+jupyter = ["ipywidgets (>=7.5.1,<9)"]
 [[package]]
 name = "secretstorage"
@@ -3366,18 +3370,18 @@ files = [
 [[package]]
 name = "urllib3"
-version = "1.26.9"
+version = "1.26.18"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
 files = [
- {file = "urllib3-1.26.9-py2.py3-none-any.whl", hash = "sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14"},
- {file = "urllib3-1.26.9.tar.gz", hash = "sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"},
+ {file = "urllib3-1.26.18-py2.py3-none-any.whl", hash = "sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07"},
+ {file = "urllib3-1.26.18.tar.gz", hash = "sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"},
 ]
 [package.extras]
-brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)", "brotlipy (>=0.6.0)"]
-secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)"]
+brotli = ["brotli (==1.0.9)", "brotli (>=1.0.9)", "brotlicffi (>=0.8.0)", "brotlipy (>=0.6.0)"]
+secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)", "urllib3-secure-extra"]
 socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
 [[package]]
@@ -3612,4 +3616,4 @@ testing = ["func-timeout", "jaraco.itertools", "pytest (>=6)", "pytest-black (>=
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "c92fef2a5d4ed4c5da0a3b5f0b694d7b296e470634d9c6f04eb7d3576c0bfe9f"
+content-hash = "a85b81b0025a8b5f745108afe59f5b5d12d36c08c5279f4ff91dc467323b4ed0"
diff --git a/pyproject.toml b/pyproject.toml
index f2983ee..7fb8198 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "planetmint"
-version = "2.5.2"
+version = "2.5.3"
 description = "Planetmint: The Blockchain Database"
 authors = ["Planetmint contributors"]
 license = "AGPLv3"
@@ -54,7 +54,7 @@ planetmint-abci = "^0.8.4"
 aafigure = "0.6"
 alabaster = "0.7.12"
 babel = "2.10.1"
-certifi = "2022.12.7"
+certifi = "2023.7.22"
 charset-normalizer = "2.0.12"
 commonmark = "0.9.1"
 docutils = "0.17.1"
@@ -68,7 +68,7 @@ mdit-py-plugins = "0.3.0"
 mdurl = "0.1.1"
 myst-parser = "0.17.2"
 pockets = "0.9.1"
-pygments = "2.12.0"
+pygments = "2.15.0"
 pyparsing = "3.0.8"
 pytz = "2022.1"
 pyyaml = ">=5.4.0"
@@ -84,7 +84,7 @@ sphinxcontrib-jsmath = "1.0.1"
 sphinxcontrib-napoleon = "0.7"
 sphinxcontrib-qthelp = "1.0.3"
 sphinxcontrib-serializinghtml = "1.1.5"
-urllib3 = "1.26.9"
+urllib3 = "1.26.18"
 wget = "3.2"
 zipp = "3.8.0"
 nest-asyncio = "1.5.5"