From 241e38461d86c17286c2e6807a501fb532b5c01f Mon Sep 17 00:00:00 2001 From: shane knapp Date: Tue, 2 Jul 2024 13:05:21 -0700 Subject: [PATCH 1/7] squelch dependabot --- deployments/datahub/images/default/requirements.txt.disabled | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/datahub/images/default/requirements.txt.disabled b/deployments/datahub/images/default/requirements.txt.disabled index 98b6233a8..0c69d6921 100644 --- a/deployments/datahub/images/default/requirements.txt.disabled +++ b/deployments/datahub/images/default/requirements.txt.disabled @@ -5,7 +5,7 @@ git+https://github.com/yuvipanda/ok-client@6961d778741fe61911be4d00beff9bd8afc1e folium==0.12.1 # # r -jupyter-server-proxy==3.2.1 +jupyter-server-proxy==4.2.0 jupyter-rsession-proxy==2.0.1 jupyter-shiny-proxy==1.1 # From 982f82cf8ceb60d5fc4667327c12218da41167bb Mon Sep 17 00:00:00 2001 From: shane knapp Date: Tue, 2 Jul 2024 13:13:35 -0700 Subject: [PATCH 2/7] bump urllib3 --- deployments/a11y/image/environment.yml | 2 +- .../node-placeholder-scaler/requirements.in | 2 +- .../node-placeholder-scaler/requirements.txt | 19 ++++++++++--------- requirements.txt | 2 +- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/deployments/a11y/image/environment.yml b/deployments/a11y/image/environment.yml index e966560f9..a6fbaaeb0 100644 --- a/deployments/a11y/image/environment.yml +++ b/deployments/a11y/image/environment.yml @@ -20,7 +20,7 @@ dependencies: - plotly==5.13.1 - pyopenssl==23.1.0 - requests==2.28.2 -- urllib3==1.26.15 +- urllib3==2.2.2 - websockify==0.11.0 - pip==23.0.1 - jupyterthemes==0.20.0 diff --git a/images/node-placeholder-scaler/requirements.in b/images/node-placeholder-scaler/requirements.in index 63da1e2a9..48a95bbfe 100644 --- a/images/node-placeholder-scaler/requirements.in +++ b/images/node-placeholder-scaler/requirements.in @@ -3,4 +3,4 @@ DateTime ical==5.0.0 requests ruamel.yaml -urllib3==2.0.7 +urllib3==2.2.2 diff --git a/images/node-placeholder-scaler/requirements.txt b/images/node-placeholder-scaler/requirements.txt index 1091ad7b0..a3afca6ac 100644 --- a/images/node-placeholder-scaler/requirements.txt +++ b/images/node-placeholder-scaler/requirements.txt @@ -1,10 +1,10 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile requirements.in # -annotated-types==0.6.0 +annotated-types==0.7.0 # via pydantic certifi==2023.7.22 # via @@ -14,15 +14,15 @@ charset-normalizer==3.3.2 # via requests datetime==5.5 # via -r requirements.in -emoji==2.11.1 +emoji==2.12.1 # via ical ical==5.0.0 # via -r requirements.in idna==3.7 # via requests -pydantic==2.7.1 +pydantic==2.8.0 # via ical -pydantic-core==2.18.2 +pydantic-core==2.20.0 # via pydantic pyparsing==3.1.2 # via ical @@ -30,7 +30,7 @@ python-dateutil==2.9.0.post0 # via ical pytz==2024.1 # via datetime -requests==2.31.0 +requests==2.32.3 # via -r requirements.in ruamel-yaml==0.18.6 # via -r requirements.in @@ -38,17 +38,18 @@ ruamel-yaml-clib==0.2.8 # via ruamel-yaml six==1.16.0 # via python-dateutil -typing-extensions==4.11.0 +typing-extensions==4.12.2 # via + # emoji # pydantic # pydantic-core tzdata==2024.1 # via ical -urllib3==2.0.7 +urllib3==2.2.2 # via # -r requirements.in # requests -zope-interface==6.3 +zope-interface==6.4.post2 # via datetime # The following packages are considered to be unsafe in a requirements file: diff --git a/requirements.txt b/requirements.txt index 79bd808f8..b46b6945e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,4 +9,4 @@ myst-parser chardet # requests==2.31.0 requests<2.29.0 -urllib3<2.0 +urllib3s==2.2.2 From a9286749506496f3b09eea1d453bef3cee2f9950 Mon Sep 17 00:00:00 2001 From: shane knapp Date: Tue, 2 Jul 2024 13:16:02 -0700 Subject: [PATCH 3/7] python 3.11 --- images/node-placeholder-scaler/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/node-placeholder-scaler/requirements.txt b/images/node-placeholder-scaler/requirements.txt index a3afca6ac..41bcf3d5f 100644 --- a/images/node-placeholder-scaler/requirements.txt +++ b/images/node-placeholder-scaler/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.10 +# This file is autogenerated by pip-compile with Python 3.11 # by the following command: # # pip-compile requirements.in From 0610800b5551ede40f831d7248a0b53c13ddaa37 Mon Sep 17 00:00:00 2001 From: shane knapp Date: Tue, 2 Jul 2024 13:19:17 -0700 Subject: [PATCH 4/7] fat finger fix --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b46b6945e..5db4014e9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,4 +9,4 @@ myst-parser chardet # requests==2.31.0 requests<2.29.0 -urllib3s==2.2.2 +urllib3==2.2.2 From 0fd60c2f15d17335b875b1966033077ea0c2e91e Mon Sep 17 00:00:00 2001 From: shane knapp Date: Tue, 2 Jul 2024 14:04:06 -0700 Subject: [PATCH 5/7] bumping requests --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 5db4014e9..ba67b08a4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,5 +8,5 @@ jupyter-repo2docker==2024.3.0 myst-parser chardet # requests==2.31.0 -requests<2.29.0 +requests==2.32.3 urllib3==2.2.2 From 6e3fb747215bfdaffee54300ac2678eeee40e8ee Mon Sep 17 00:00:00 2001 From: shane knapp Date: Tue, 2 Jul 2024 14:57:09 -0700 Subject: [PATCH 6/7] bump requests here --- deployments/a11y/image/environment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/a11y/image/environment.yml b/deployments/a11y/image/environment.yml index a6fbaaeb0..704258ef6 100644 --- a/deployments/a11y/image/environment.yml +++ b/deployments/a11y/image/environment.yml @@ -19,7 +19,7 @@ dependencies: - numpy==1.24.2 - plotly==5.13.1 - pyopenssl==23.1.0 -- requests==2.28.2 +- requests==2.32.3 - urllib3==2.2.2 - websockify==0.11.0 - pip==23.0.1 From 2806ced2423f56ae5cd1c7326cd7cebb7717d41b Mon Sep 17 00:00:00 2001 From: shane knapp Date: Mon, 8 Jul 2024 11:15:00 -0700 Subject: [PATCH 7/7] addresses https://github.com/berkeley-dsep-infra/datahub/security/dependabot/186 --- images/node-placeholder-scaler/requirements.in | 2 +- images/node-placeholder-scaler/requirements.txt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/node-placeholder-scaler/requirements.in b/images/node-placeholder-scaler/requirements.in index 48a95bbfe..f92f4c0d1 100644 --- a/images/node-placeholder-scaler/requirements.in +++ b/images/node-placeholder-scaler/requirements.in @@ -1,4 +1,4 @@ -certifi==2023.7.22 +certifi==2024.07.04 DateTime ical==5.0.0 requests diff --git a/images/node-placeholder-scaler/requirements.txt b/images/node-placeholder-scaler/requirements.txt index 41bcf3d5f..51ad5c580 100644 --- a/images/node-placeholder-scaler/requirements.txt +++ b/images/node-placeholder-scaler/requirements.txt @@ -6,7 +6,7 @@ # annotated-types==0.7.0 # via pydantic -certifi==2023.7.22 +certifi==2024.7.4 # via # -r requirements.in # requests @@ -20,9 +20,9 @@ ical==5.0.0 # via -r requirements.in idna==3.7 # via requests -pydantic==2.8.0 +pydantic==2.8.2 # via ical -pydantic-core==2.20.0 +pydantic-core==2.20.1 # via pydantic pyparsing==3.1.2 # via ical