From f7d290e47b17dcb828150d2552cb1c8aefe1f103 Mon Sep 17 00:00:00 2001
From: Adrienne Stilp
Date: Mon, 24 Jun 2024 16:18:49 -0700
Subject: [PATCH 1/6] Update urllib to >=2.2.2 to fix security update
---
 requirements/requirements.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements/requirements.in b/requirements/requirements.in
index 619bf530..a818ba83 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -69,7 +69,7 @@ django-htmx
 # Temporary(?) pins to fix security alerts.
 certifi>=2023.7.22
-urllib3>=1.26.18
+urllib3>=2.2.2
 sqlparse>=0.4.4
 # Dynamic settings
From cab0f72c896c1f86b5833299fe109a8894c737ba Mon Sep 17 00:00:00 2001
From: amstilp <3944584+amstilp@users.noreply.github.com>
Date: Mon, 24 Jun 2024 23:20:25 +0000
Subject: [PATCH 2/6] Compile requirements files
---
 requirements/dev-requirements.txt | 2 +-
 requirements/requirements.txt | 2 +-
 requirements/test-requirements.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/requirements/dev-requirements.txt b/requirements/dev-requirements.txt
index c270d0c4..a7a4782a 100644
--- a/requirements/dev-requirements.txt
+++ b/requirements/dev-requirements.txt
@@ -199,7 +199,7 @@ typing-extensions==4.8.0
 # django-stubs-ext
 # ipython
 # mypy
-urllib3==2.1.0
+urllib3==2.2.2
 # via
 # -c requirements/requirements.txt
 # -c requirements/test-requirements.txt
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index b671983c..26aa10ff 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -220,7 +220,7 @@ typing-extensions==4.8.0
 # via asgiref
 tzdata==2023.4
 # via pandas
-urllib3==2.1.0
+urllib3==2.2.2
 # via
 # -r requirements/requirements.in
 # requests
diff --git a/requirements/test-requirements.txt b/requirements/test-requirements.txt
index eb583a61..ab01fbef 100644
--- a/requirements/test-requirements.txt
+++ b/requirements/test-requirements.txt
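Review bot: The raised floor `urllib3>=2.2.2` in requirements/requirements.in does not record which security alert it answers; it sits under `# Temporary(?) pins to fix security alerts.`, and the same applies to `requests>=2.32.0` (PATCH 3/6) and the added `idna>=3.7` (PATCH 5/6). Without the advisory id next to each pin, a later maintainer cannot tell when a floor has become redundant or whether relaxing it would reopen the issue. I would annotate each line, e.g. `urllib3>=2.2.2  # <ADVISORY-ID>; drop once requests requires a fixed urllib3`. For requests, 2.32.0 and 2.32.1 were, as far as I recall, yanked from PyPI, so `requests>=2.32.2` may be the more accurate floor; worth confirming before merging.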
@@ -97,7 +97,7 @@ typing-extensions==4.8.0
 # -c requirements/requirements.txt
 # django-test-migrations
 # faker
-urllib3==2.1.0
+urllib3==2.2.2
 # via
 # -c requirements/requirements.txt
 # requests
From 36be49d4f0d392358eaecaa8e28439c67abd6be8 Mon Sep 17 00:00:00 2001
From: Adrienne Stilp
Date: Mon, 24 Jun 2024 16:42:15 -0700
Subject: [PATCH 3/6] Update requests to fix security alert
---
 requirements/requirements.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements/requirements.in b/requirements/requirements.in
index a818ba83..7b0918f2 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -39,7 +39,7 @@ django-anvil-consortium-manager @ git+https://github.com/UW-GAC/django-anvil-con
 django-simple-history
 # Making HTTP requests to get dbgap study versions.
-requests
+requests>=2.32.0
 # For json schema validation.
 jsonschema
From 3f146e227b8a8305ca6be19332c238c7b359b4f8 Mon Sep 17 00:00:00 2001
From: amstilp <3944584+amstilp@users.noreply.github.com>
Date: Mon, 24 Jun 2024 23:43:12 +0000
Subject: [PATCH 4/6] Compile requirements files
---
 requirements/dev-requirements.txt | 2 +-
 requirements/requirements.txt | 2 +-
 requirements/test-requirements.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/requirements/dev-requirements.txt b/requirements/dev-requirements.txt
index a7a4782a..969326d9 100644
--- a/requirements/dev-requirements.txt
+++ b/requirements/dev-requirements.txt
@@ -131,7 +131,7 @@ pyyaml==6.0.1
 # via
 # -c requirements/test-requirements.txt
 # pre-commit
-requests==2.31.0
+requests==2.32.3
 # via
 # -c requirements/requirements.txt
 # -c requirements/test-requirements.txt
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 26aa10ff..c214c8b6 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -184,7 +184,7 @@ referencing==0.33.0
 # via
 # jsonschema
 # jsonschema-specifications
-requests==2.31.0
+requests==2.32.3
 # via
 # -r requirements/requirements.in
 # django-allauth
diff --git a/requirements/test-requirements.txt b/requirements/test-requirements.txt
index ab01fbef..a3d73eca 100644
--- a/requirements/test-requirements.txt
+++ b/requirements/test-requirements.txt
@@ -75,7 +75,7 @@ python-dateutil==2.8.2
 # freezegun
 pyyaml==6.0.1
 # via responses
-requests==2.31.0
+requests==2.32.3
 # via
 # -c requirements/requirements.txt
 # responses
From 1d5f6a3b9654b3a087d614a1daf715d83c75d688 Mon Sep 17 00:00:00 2001
From: Adrienne Stilp
Date: Mon, 24 Jun 2024 16:58:24 -0700
Subject: [PATCH 5/6] Update idna to fix security alert
---
 requirements/requirements.in | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements/requirements.in b/requirements/requirements.in
index 7b0918f2..5775f119 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -71,6 +71,7 @@ django-htmx
 certifi>=2023.7.22
 urllib3>=2.2.2
 sqlparse>=0.4.4
+idna>=3.7
 # Dynamic settings
 django-constance
From de42f87630a60e22eafc8802823bd94c5018b921 Mon Sep 17 00:00:00 2001
From: amstilp <3944584+amstilp@users.noreply.github.com>
Date: Tue, 25 Jun 2024 00:06:27 +0000
Subject: [PATCH 6/6] Compile requirements files
---
 requirements/dev-requirements.txt | 2 +-
 requirements/requirements.txt | 6 ++++--
 requirements/test-requirements.txt | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/requirements/dev-requirements.txt b/requirements/dev-requirements.txt
index 969326d9..1bf8767c 100644
--- a/requirements/dev-requirements.txt
+++ b/requirements/dev-requirements.txt
@@ -60,7 +60,7 @@ filelock==3.13.1
 # via virtualenv
 identify==2.5.34
 # via pre-commit
-idna==3.3
+idna==3.7
 # via
 # -c requirements/requirements.txt
 # -c requirements/test-requirements.txt
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index c214c8b6..57feb16a 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -109,8 +109,10 @@ fontawesomefree==6.5.1
 # via django-anvil-consortium-manager
 google-auth==2.28.1
 # via django-anvil-consortium-manager
-idna==3.3
- # via requests
+idna==3.7
+ # via
+ # -r requirements/requirements.in
+ # requests
 importlib-metadata==7.0.0
 # via build
 importlib-resources==6.1.1
diff --git a/requirements/test-requirements.txt b/requirements/test-requirements.txt
index a3d73eca..e321fb78 100644
--- a/requirements/test-requirements.txt
+++ b/requirements/test-requirements.txt
@@ -31,7 +31,7 @@ faker==23.2.1
 # via factory-boy
 freezegun==1.5.1
 # via -r requirements/test-requirements.in
-idna==3.3
+idna==3.7
 # via
 # -c requirements/requirements.txt
 # requests