From 1814a2c38ff08b2a04d6cdae9168a3be2cc1a853 Mon Sep 17 00:00:00 2001
From: Stefan Weil
Date: Wed, 6 Sep 2023 09:40:57 +0200
Subject: [PATCH 1/4] Update Pillow to fix critical security issues
Signed-off-by: Stefan Weil
---
 requirements.in | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/requirements.in b/requirements.in
index 71ede8cb..87e877d8 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,10 +1,6 @@
 werkzeug >= 0.11.4
-# We put an upper bound on the version of Pillow so we can cope with
-# JPEG-compressed TIFFs.
-#
-# See https://github.com/loris-imageserver/loris/issues/405
-pillow >= 2.4.0, < 7.0
+Pillow >= 9.2.0
 configobj >= 4.7.2,<=5.0.0
 requests >= 2.12.0
From 79dd47d85b73de2e6fb826d2327816a0898848c6 Mon Sep 17 00:00:00 2001
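Review bot: Dropping the `< 7.0` cap also drops the only recorded reason it existed (JPEG-compressed TIFFs, issue 405), and neither the hunk nor the commit message says whether that problem goes away with Pillow >= 9.2.0. Keep a one-line trace so the next reader does not have to rediscover it, e.g. `# Pillow >= 9.2.0 for security fixes; the former < 7.0 cap (JPEG-compressed TIFFs, issue 405) was dropped after checking with <Pillow version tested>`. The commit message should also name the advisories the bump addresses, so that "critical security issues" is something a reviewer can verify against the lockfile rather than take on trust. The change from `pillow` to `Pillow` is harmless since requirement names are normalised on resolution, but it is a stylistic inconsistency with the other lowercase entries in the file.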
From: Stefan Weil
Date: Thu, 7 Sep 2023 15:13:51 +0200
Subject: [PATCH 2/4] Limit importlib-metadata to versions before 5.0.0
Newer versions cause a failure:
Run flake8 --select=F --ignore=F841
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.7.17/x64/bin/flake8", line 8, in sys.exit(main())
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/main/cli.py", line 22, in main app.run(argv)
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/main/application.py", line 363, in run self._run(argv)
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/main/application.py", line 350, in _run self.initialize(argv)
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/main/application.py", line 330, in initialize self.find_plugins(config_finder)
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/main/application.py", line 153, in find_plugins self.check_plugins = plugin_manager.Checkers(local_plugins.extension)
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/plugins/manager.py", line 357, in __init__ self.namespace, local_plugins=local_plugins
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/plugins/manager.py", line 238, in __init__ self._load_entrypoint_plugins()
File "/opt/hostedtoolcache/Python/3.7.17/x64/lib/python3.7/site-packages/flake8/plugins/manager.py", line 254, in _load_entrypoint_plugins eps = importlib_metadata.entry_points().get(self.namespace, ())
AttributeError: 'EntryPoints' object has no attribute 'get'
Error: Process completed with exit code 1.
Signed-off-by: Stefan Weil
---
 requirements.in | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/requirements.in b/requirements.in
index 87e877d8..94c2433d 100644
--- a/requirements.in
+++ b/requirements.in
@@ -10,3 +10,6 @@ cryptography >= 2.0.3
 # We use `attr.ib(converter=callable)` which was added in 17.4.0.
 attrs >= 17.4.0
+
+# Newer versions of importlib-metadata cause failure with flake8.
+importlib-metadata < 5.0.0
From b3d73fb5474ba01fe06300baf8fbd047af23402b Mon Sep 17 00:00:00 2001
From: Stefan Weil
Date: Thu, 7 Sep 2023 15:42:20 +0200
Subject: [PATCH 3/4] Limit werkzeug to versions before 2.1.0
Newer versions cause a CI failure:
_____________________ ERROR collecting tests/img_info_t.py _____________________
ImportError while importing test module '/home/runner/work/loris/loris/tests/img_info_t.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
tests/img_info_t.py:15: in from tests import loris_t
tests/loris_t.py:12: in from werkzeug.wrappers import BaseResponse
E ImportError: cannot import name 'BaseResponse' from 'werkzeug.wrappers' (/opt/hostedtoolcache/Python/3.9.18/x64/lib/python3.9/site-packages/werkzeug/wrappers/__init__.py)
[...]
Signed-off-by: Stefan Weil
---
 requirements.in | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/requirements.in b/requirements.in
index 94c2433d..adf60eb6 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,5 +1,3 @@
-werkzeug >= 0.11.4
-
 Pillow >= 9.2.0
 configobj >= 4.7.2,<=5.0.0
@@ -13,3 +11,6 @@ attrs >= 17.4.0
 # Newer versions of importlib-metadata cause failure with flake8.
 importlib-metadata < 5.0.0
+
+# Newer versions of werkzeug cause a failure with "coverage run".
+werkzeug < 2.1.0
From 726e73bcfabc96c9fc92ae3821100ebccf476140 Mon Sep 17 00:00:00 2001
From: Stefan Weil
Date: Wed, 6 Sep 2023 09:41:35 +0200
Subject: [PATCH 4/4] Generate requirement files with latest packages and Python 3.7
This fixes more security issues.
Signed-off-by: Stefan Weil
---
 requirements.txt | 38 ++++++++++++++-------------
 requirements_test.txt | 60 +++++++++++++++++++++----------------------
 2 files changed, 50 insertions(+), 48 deletions(-)
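Review bot: `importlib-metadata < 5.0.0` caps a transitive dependency in the runtime requirements to work around a failure that, per the traceback in the commit message, lives in flake8's plugin loader (`entry_points().get(...)` in flake8/plugins/manager.py), and flake8 is a test-time tool pulled in through requirements_test.in. Capping it in requirements.in constrains every deployment for the benefit of CI and will hold back future fixes for that package; the root-cause fix is to move to a flake8 release that no longer calls `.get()` on the `entry_points()` result (later flake8 releases adapted to that API, as far as I know), and if a cap is unavoidable it belongs in requirements_test.in. At minimum the comment should say what is actually broken rather than "cause failure with flake8": `# flake8 3.x calls entry_points().get(), removed in importlib-metadata 5.0; drop this cap once flake8 is upgraded.`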
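Review bot: The comment above the new `werkzeug < 2.1.0` line blames `"coverage run"`, but the commit message shows the real failure: tests/loris_t.py:12 imports `BaseResponse` from `werkzeug.wrappers`, a name that I believe was deprecated in werkzeug 2.0 and removed in 2.1, and nothing in that traceback involves coverage. The cap therefore pins a web-facing runtime dependency to the 2.0 line (resolved to 2.0.3 in the fourth patch) to accommodate a one-line test import, and that line is no longer maintained, which sits awkwardly in a series whose stated purpose is closing security issues. The move also silently drops the `>= 0.11.4` floor that the first hunk removes, so the new constraint is weaker on the low side than the old one. Prefer updating the test to `from werkzeug.wrappers import Response` and dropping the cap; if it must stay for now, keep the floor and correct the comment: `werkzeug >= 0.11.4, < 2.1.0` with `# tests/loris_t.py imports BaseResponse, removed in werkzeug 2.1; lift once the test is updated.`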
diff --git a/requirements.txt b/requirements.txt
index 074db9bb..8061c193 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,22 +1,24 @@
 #
-# This file is autogenerated by pip-compile
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.7
+# by the following command:
 #
-# pip-compile requirements.in
+# pip-compile --annotation-style=line --resolver=backtracking requirements.in
 #
-asn1crypto==0.24.0 # via cryptography
-attrs==20.2.0 # via -r requirements.in
-certifi==2018.1.18 # via requests
-cffi==1.14.3 # via cryptography
-chardet==3.0.4 # via requests
+
+attrs==23.1.0 # via -r requirements.in
+certifi==2023.7.22 # via requests
+cffi==1.15.1 # via cryptography
+charset-normalizer==3.2.0 # via requests
 configobj==5.0.0 # via -r requirements.in
-cryptography==2.3 # via -r requirements.in
-idna==2.6 # via cryptography, requests
-netaddr==0.7.19 # via -r requirements.in
-pillow==6.2.0 # via -r requirements.in
-pycparser==2.18 # via cffi
-pyjwt==1.5.3 # via -r requirements.in
-requests==2.20.0 # via -r requirements.in
-six==1.11.0 # via cryptography
-urllib3==1.22 # via requests
-werkzeug==0.15.3 # via -r requirements.in
+cryptography==41.0.3 # via -r requirements.in
+idna==3.4 # via requests
+importlib-metadata==4.13.0 # via -r requirements.in, attrs
+netaddr==0.8.0 # via -r requirements.in
+pillow==9.5.0 # via -r requirements.in
+pycparser==2.21 # via cffi
+pyjwt==2.8.0 # via -r requirements.in
+requests==2.31.0 # via -r requirements.in
+typing-extensions==4.7.1 # via importlib-metadata, pyjwt
+urllib3==2.0.4 # via requests
+werkzeug==2.0.3 # via -r requirements.in
+zipp==3.15.0 # via importlib-metadata
diff --git a/requirements_test.txt b/requirements_test.txt
index 5584b826..e7853c8e 100644
--- a/requirements_test.txt
+++ b/requirements_test.txt
@@ -1,38 +1,38 @@
 #
-# This file is autogenerated by pip-compile
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.7
+# by the following command:
 #
-# pip-compile requirements_test.in
+# pip-compile --annotation-style=line --resolver=backtracking requirements_test.in
 #
-asn1crypto==0.24.0 # via -r requirements.txt, cryptography
-attrs==20.2.0 # via -r requirements.txt, hypothesis
-certifi==2018.1.18 # via -r requirements.txt, requests
-cffi==1.14.3 # via -r requirements.txt, cryptography
-chardet==3.0.4 # via -r requirements.txt, requests
+
+attrs==23.1.0 # via -r requirements.txt, hypothesis
+certifi==2023.7.22 # via -r requirements.txt, requests
+cffi==1.15.1 # via -r requirements.txt, cryptography
+charset-normalizer==3.2.0 # via -r requirements.txt, requests
 configobj==5.0.0 # via -r requirements.txt
 coverage==4.4.1 # via -r requirements_test.in, pytest-cov
-cryptography==2.3 # via -r requirements.txt
-flake8==3.8.4 # via -r requirements_test.in
-hypothesis==5.37.1 # via -r requirements_test.in
-idna==2.6 # via -r requirements.txt, cryptography, requests
+cryptography==41.0.3 # via -r requirements.txt
+exceptiongroup==1.1.3 # via hypothesis
+flake8==3.9.2 # via -r requirements_test.in
+hypothesis==6.79.4 # via -r requirements_test.in
+idna==3.4 # via -r requirements.txt, requests
+importlib-metadata==4.13.0 # via -r requirements.txt, attrs, flake8
 mccabe==0.6.1 # via flake8
-mock==2.0.0 # via responses
-netaddr==0.7.19 # via -r requirements.txt
-pbr==3.1.1 # via mock
-pillow==6.2.0 # via -r requirements.txt
-py==1.5.2 # via pytest
-pycodestyle==2.6.0 # via flake8
-pycparser==2.18 # via -r requirements.txt, cffi
-pyflakes==2.2.0 # via flake8
-pyjwt==1.5.3 # via -r requirements.txt
-pytest-cov==2.5.1 # via -r requirements_test.in
+mock==5.1.0 # via responses
+netaddr==0.8.0 # via -r requirements.txt
+pillow==9.5.0 # via -r requirements.txt
+py==1.11.0 # via pytest
+pycodestyle==2.7.0 # via flake8
+pycparser==2.21 # via -r requirements.txt, cffi
+pyflakes==2.3.1 # via flake8
+pyjwt==2.8.0 # via -r requirements.txt
 pytest==3.1.3 # via -r requirements_test.in, pytest-cov
-requests==2.20.0 # via -r requirements.txt, responses
+pytest-cov==2.5.1 # via -r requirements_test.in
+requests==2.31.0 # via -r requirements.txt, responses
 responses==0.3.0 # via -r requirements_test.in
-six==1.11.0 # via -r requirements.txt, cryptography, mock, responses
-sortedcontainers==2.2.2 # via hypothesis
-urllib3==1.22 # via -r requirements.txt, requests
-werkzeug==0.15.3 # via -r requirements.txt
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools
+six==1.16.0 # via responses
+sortedcontainers==2.4.0 # via hypothesis
+typing-extensions==4.7.1 # via -r requirements.txt, importlib-metadata, pyjwt
+urllib3==2.0.4 # via -r requirements.txt, requests
+werkzeug==2.0.3 # via -r requirements.txt
+zipp==3.15.0 # via -r requirements.txt, importlib-metadata