⬆️ 🔒️ Upgrades vulnerable libraries (ITISFoundation#4742)

api/tests/requirements.txt

@@ -21,7 +21,9 @@ attrs==23.1.0
     #   jsonschema
     #   referencing
 certifi==2023.7.22
-    # via requests
+    # via
+    #   -c ../../requirements/constraints.txt
+    #   requests
 charset-normalizer==3.2.0
     # via
     #   aiohttp

packages/dask-task-models-library/requirements/_base.txt

@@ -51,6 +51,8 @@ markupsafe==2.1.3
     # via jinja2
 msgpack==1.0.5
     # via distributed
+orjson==3.9.7
+    # via -r requirements/../../../packages/models-library/requirements/_base.in
 packaging==23.1
     # via
     #   dask

packages/postgres-database/requirements/_migration.txt

@@ -9,7 +9,9 @@ alembic==1.11.2
     #   -c requirements/_base.txt
     #   -r requirements/_migration.in
 certifi==2023.7.22
-    # via requests
+    # via
+    #   -c requirements/../../../requirements/constraints.txt
+    #   requests
 charset-normalizer==3.2.0
     # via requests
 click==8.1.6

packages/service-integration/requirements/_base.txt

@@ -11,7 +11,10 @@ attrs==23.1.0
     #   jsonschema
     #   referencing
 certifi==2023.7.22
-    # via requests
+    # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
+    #   requests
 charset-normalizer==3.2.0
     # via requests
 click==8.1.6
@@ -44,6 +47,8 @@ markdown-it-py==3.0.0
     # via rich
 mdurl==0.1.2
     # via markdown-it-py
+orjson==3.9.7
+    # via -r requirements/../../../packages/models-library/requirements/_base.in
 packaging==23.1
     # via
     #   docker

packages/service-library/requirements/_aiohttp.txt

@@ -34,7 +34,11 @@ attrs==23.1.0
     #   jsonschema
     #   referencing
 certifi==2023.7.22
-    # via requests
+    # via
+    #   -c requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/./../../../requirements/constraints.txt
+    #   requests
 charset-normalizer==3.2.0
     # via
     #   aiohttp
@@ -95,6 +99,8 @@ openapi-schema-validator==0.6.0
     #   openapi-spec-validator
 openapi-spec-validator==0.6.0
     # via openapi-core
+orjson==3.9.7
+    # via -r requirements/./../../../packages/models-library/requirements/_base.in
 parse==1.19.1
     # via openapi-core
 pathable==0.4.3

packages/service-library/requirements/_base.txt

@@ -63,6 +63,8 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
+orjson==3.9.7
+    # via -r requirements/../../../packages/models-library/requirements/_base.in
 pamqp==3.2.1
     # via aiormq
 pydantic==1.10.12

packages/service-library/requirements/_fastapi.txt

@@ -18,6 +18,9 @@ attrs==23.1.0
     #   referencing
 certifi==2023.7.22
     # via
+    #   -c requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/./../../../requirements/constraints.txt
     #   httpcore
     #   httpx
 click==8.1.6
@@ -61,6 +64,8 @@ markdown-it-py==3.0.0
     # via rich
 mdurl==0.1.2
     # via markdown-it-py
+orjson==3.9.7
+    # via -r requirements/./../../../packages/models-library/requirements/_base.in
 pydantic==1.10.12
     # via
     #   -c requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt

packages/service-library/requirements/_test.txt

@@ -33,6 +33,7 @@ attrs==23.1.0
     #   referencing
 certifi==2023.7.22
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_aiohttp.txt
     #   -c requirements/_fastapi.txt
     #   requests

packages/simcore-sdk/requirements/_base.txt

@@ -96,6 +96,10 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
+orjson==3.9.7
+    # via
+    #   -r requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/_base.in
 packaging==23.1
     # via -r requirements/_base.in
 pamqp==3.2.1

packages/simcore-sdk/requirements/_test.txt

@@ -62,6 +62,7 @@ botocore==1.24.21
     #   s3transfer
 certifi==2023.7.22
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   minio
     #   requests
 cffi==1.15.1

requirements/constraints.txt

@@ -10,7 +10,8 @@
 # Vulnerabilities -----------------------------------------------------------------------------------------
 #
 aiohttp>=3.7.4                                # https://github.com/advisories/GHSA-v6wp-4m6f-gcjg
-cryptography>=39.0.1                          # https://github.com/advisories/GHSA-x4qr-2fvf-3mr5  Mar.2023
+certifi>=2023.7.22                            # https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
+cryptography>=41.0.2                          # https://github.com/advisories/GHSA-cf7p-gm2m-833m
 httpx>=0.23.0                                 # https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 / CVE-2021-41945
 jinja2>=2.11.3                                # https://github.com/advisories/GHSA-g3rq-g295-4j3m
 mako>=1.2.2                                   # https://github.com/advisories/GHSA-v973-fxgf-6xhp

services/agent/requirements/_base.txt

@@ -84,6 +84,10 @@ multidict==6.0.2
     # via
     #   aiohttp
     #   yarl
+orjson==3.9.7
+    # via
+    #   -r requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/_base.in
 packaging==23.1
     # via -r requirements/_base.in
 pamqp==3.2.1
@@ -150,6 +154,8 @@ starlette==0.27.0
     #   fastapi
 tenacity==8.1.0
     # via -r requirements/../../../packages/service-library/requirements/_base.in
+toolz==0.12.0
+    # via -r requirements/../../../packages/service-library/requirements/_base.in
 tqdm==4.64.1
     # via -r requirements/../../../packages/service-library/requirements/_base.in
 typer==0.6.1

services/agent/requirements/_test.txt

@@ -57,6 +57,7 @@ botocore==1.24.21
     #   s3transfer
 certifi==2023.7.22
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   httpcore
     #   httpx
     #   requests

services/api-server/requirements/_base.txt

@@ -6,24 +6,7 @@
 #
 aio-pika==9.1.2
     # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
     #   -r requirements/../../../packages/service-library/requirements/_base.in
     #   -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/_base.in
 aiocache==0.12.1
@@ -104,8 +87,25 @@ attrs==21.4.0
     # via
     #   aiohttp
     #   jsonschema
-certifi==2023.5.7
+certifi==2023.7.22
     # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
     #   httpcore
     #   httpx
 cffi==1.15.1
@@ -116,7 +116,7 @@ click==8.1.3
     # via
     #   typer
     #   uvicorn
-cryptography==41.0.1
+cryptography==41.0.3
     # via
     #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
@@ -274,6 +274,11 @@ multidict==6.0.4
     #   yarl
 orjson==3.9.1
     # via
+    #   -r requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/_base.in
     #   -r requirements/_base.in
     #   fastapi
 packaging==23.1

services/api-server/requirements/_test.txt

@@ -57,8 +57,9 @@ botocore==1.31.26
     #   s3transfer
 botocore-stubs==1.31.23
     # via boto3-stubs
-certifi==2023.5.7
+certifi==2023.7.22
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   httpcore
     #   httpx
@@ -83,7 +84,7 @@ click==8.1.3
     #   flask
 coverage==7.3.0
     # via pytest-cov
-cryptography==41.0.1
+cryptography==41.0.3
     # via
     #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt

services/autoscaling/requirements/_base.txt

@@ -72,8 +72,17 @@ botocore==1.27.59
     #   s3transfer
 botocore-stubs==1.29.78
     # via types-aiobotocore
-certifi==2022.12.7
+certifi==2023.7.22
     # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
     #   httpcore
     #   httpx
 charset-normalizer==3.0.1
@@ -144,6 +153,11 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
+orjson==3.9.7
+    # via
+    #   -r requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
 packaging==23.0
     # via -r requirements/_base.in
 pamqp==3.2.1
@@ -238,6 +252,10 @@ tenacity==8.2.1
     # via
     #   -c requirements/../../../packages/service-library/requirements/./_base.in
     #   -r requirements/../../../packages/service-library/requirements/_base.in
+toolz==0.12.0
+    # via
+    #   -c requirements/../../../packages/service-library/requirements/./_base.in
+    #   -r requirements/../../../packages/service-library/requirements/_base.in
 tqdm==4.64.1
     # via
     #   -c requirements/../../../packages/service-library/requirements/./_base.in

services/autoscaling/requirements/_test.txt

@@ -38,8 +38,9 @@ botocore==1.27.59
     #   boto3
     #   moto
     #   s3transfer
-certifi==2022.12.7
+certifi==2023.7.22
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   httpcore
     #   httpx

services/catalog/requirements/_base.txt

@@ -70,8 +70,18 @@ attrs==21.4.0
     # via
     #   aiohttp
     #   jsonschema
-certifi==2022.12.7
+certifi==2023.7.22
     # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
     #   httpcore
     #   httpx
 charset-normalizer==2.0.12
@@ -183,7 +193,11 @@ multidict==6.0.2
     #   aiohttp
     #   yarl
 orjson==3.7.2
-    # via fastapi
+    # via
+    #   -r requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
+    #   fastapi
 packaging==23.1
     # via -r requirements/_base.in
 pamqp==3.2.1
@@ -306,6 +320,10 @@ tenacity==8.0.1
     #   -c requirements/../../../packages/service-library/requirements/./_base.in
     #   -r requirements/../../../packages/service-library/requirements/_base.in
     #   -r requirements/_base.in
+toolz==0.12.0
+    # via
+    #   -c requirements/../../../packages/service-library/requirements/./_base.in
+    #   -r requirements/../../../packages/service-library/requirements/_base.in
 tqdm==4.64.0
     # via
     #   -c requirements/../../../packages/service-library/requirements/./_base.in

services/catalog/requirements/_test.txt

@@ -31,8 +31,9 @@ attrs==21.4.0
     #   aiohttp
     #   jsonschema
     #   pytest-docker
-certifi==2022.12.7
+certifi==2023.7.22
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   httpcore
     #   httpx

services/clusters-keeper/requirements/_base.txt

@@ -75,6 +75,15 @@ botocore-stubs==1.31.36
     # via types-aiobotocore
 certifi==2023.7.22
     # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
     #   httpcore
     #   httpx
 charset-normalizer==3.2.0

services/clusters-keeper/requirements/_test.txt

@@ -57,6 +57,7 @@ botocore==1.31.17
     #   s3transfer
 certifi==2023.7.22
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   httpcore
     #   httpx