Bump flask for safety (#304)
* Bump flask for safety * let snyk check flask again w/ burnettk * attempt to use the same revision for front w/ burnettk --------- Co-authored-by: jasquat <jasquat@users.noreply.github.com>
This commit is contained in:
parent
c86a7207d8
commit
122d1efbda
|
@ -22,6 +22,7 @@ jobs:
|
|||
with:
|
||||
# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
|
||||
fetch-depth: 0
|
||||
ref: ${{ github.event.workflow_run.head_sha }}
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
|
@ -64,6 +65,8 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
ref: ${{ github.event.workflow_run.head_sha }}
|
||||
- name: Checkout Samples
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
|
||||
version: v1.25.0
|
||||
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
|
||||
ignore:
|
||||
SNYK-PYTHON-FLASK-5490129:
|
||||
- '*':
|
||||
reason: Filed ticket to upgrade flask
|
||||
expires: 2024-06-02T14:48:14.372Z
|
||||
created: 2023-05-03T14:48:14.379Z
|
||||
#
|
||||
# leaving for documenting how to ignore items
|
||||
# ignore:
|
||||
# SNYK-PYTHON-FLASK-5490129:
|
||||
# - '*':
|
||||
# reason: Filed ticket to upgrade flask
|
||||
# expires: 2024-06-02T14:48:14.372Z
|
||||
# created: 2023-05-03T14:48:14.379Z
|
||||
patch: {}
|
||||
|
|
|
@ -179,19 +179,16 @@ uvloop = ["uvloop (>=0.15.2)"]
|
|||
|
||||
[[package]]
|
||||
name = "blinker"
|
||||
version = "1.6"
|
||||
version = "1.6.2"
|
||||
description = "Fast, simple object-to-object and broadcast signaling"
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "blinker-1.6-py3-none-any.whl", hash = "sha256:eeebd5dfc782e1817fe4261ce79936c8c8cefb90d685caf50cec458029f773c1"},
|
||||
{file = "blinker-1.6.tar.gz", hash = "sha256:5874afe21df4bae8885d31a0a6c4b5861910a575eae6176f051fbb9a6571481b"},
|
||||
{file = "blinker-1.6.2-py3-none-any.whl", hash = "sha256:c3d739772abb7bc2860abf5f2ec284223d9ad5c76da018234f6f50d6f31ab1f0"},
|
||||
{file = "blinker-1.6.2.tar.gz", hash = "sha256:4afd3de66ef3a9f8067559fb7a1cbe555c17dcbe15971b05d1b625c3e7abe213"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
typing-extensions = "*"
|
||||
|
||||
[[package]]
|
||||
name = "certifi"
|
||||
version = "2022.12.7"
|
||||
|
@ -439,19 +436,19 @@ testing = ["flake8 (<5)", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-chec
|
|||
|
||||
[[package]]
|
||||
name = "connexion"
|
||||
version = "2.14.2"
|
||||
version = "2.14.1"
|
||||
description = "Connexion - API first applications with OpenAPI/Swagger and Flask"
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = ">=3.6"
|
||||
files = [
|
||||
{file = "connexion-2.14.2-py2.py3-none-any.whl", hash = "sha256:a73b96a0e07b16979a42cde7c7e26afe8548099e352cf350f80c57185e0e0b36"},
|
||||
{file = "connexion-2.14.2.tar.gz", hash = "sha256:dbc06f52ebeebcf045c9904d570f24377e8bbd5a6521caef15a06f634cf85646"},
|
||||
{file = "connexion-2.14.1-py2.py3-none-any.whl", hash = "sha256:f343717241b4c4802a694c38fee66fb1693c897fe4ea5a957fa9b3b07caf6394"},
|
||||
{file = "connexion-2.14.1.tar.gz", hash = "sha256:99aa5781e70a7b94f8ffae8cf89f309d49cdb811bbd65a8e2f2546f3b19a01e6"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
clickclick = ">=1.2,<21"
|
||||
flask = ">=1.0.4,<2.3"
|
||||
flask = ">=1.0.4,<3"
|
||||
inflection = ">=0.3.1,<0.6"
|
||||
itsdangerous = ">=0.24"
|
||||
jsonschema = ">=2.5.1,<5"
|
||||
|
@ -459,14 +456,14 @@ packaging = ">=20"
|
|||
PyYAML = ">=5.1,<7"
|
||||
requests = ">=2.9.1,<3"
|
||||
swagger-ui-bundle = {version = ">=0.0.2,<0.1", optional = true, markers = "extra == \"swagger-ui\""}
|
||||
werkzeug = ">=1.0,<2.3"
|
||||
werkzeug = ">=1.0,<3"
|
||||
|
||||
[package.extras]
|
||||
aiohttp = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)"]
|
||||
docs = ["sphinx-autoapi (==1.8.1)"]
|
||||
flask = ["flask (>=1.0.4,<2.3)", "itsdangerous (>=0.24)"]
|
||||
flask = ["flask (>=1.0.4,<3)", "itsdangerous (>=0.24)"]
|
||||
swagger-ui = ["swagger-ui-bundle (>=0.0.2,<0.1)"]
|
||||
tests = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)", "aiohttp-remotes", "decorator (>=5,<6)", "flask (>=1.0.4,<2.3)", "itsdangerous (>=0.24)", "pytest (>=6,<7)", "pytest-aiohttp", "pytest-cov (>=2,<3)", "swagger-ui-bundle (>=0.0.2,<0.1)", "testfixtures (>=6,<7)"]
|
||||
tests = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)", "aiohttp-remotes", "decorator (>=5,<6)", "flask (>=1.0.4,<3)", "itsdangerous (>=0.24)", "pytest (>=6,<7)", "pytest-aiohttp", "pytest-cov (>=2,<3)", "swagger-ui-bundle (>=0.0.2,<0.1)", "testfixtures (>=6,<7)"]
|
||||
|
||||
[[package]]
|
||||
name = "coverage"
|
||||
|
@ -664,14 +661,14 @@ testing = ["covdefaults (>=2.3)", "coverage (>=7.2.2)", "diff-cover (>=7.5)", "p
|
|||
|
||||
[[package]]
|
||||
name = "flask"
|
||||
version = "2.2.2"
|
||||
version = "2.2.5"
|
||||
description = "A simple framework for building complex web applications."
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "Flask-2.2.2-py3-none-any.whl", hash = "sha256:b9c46cc36662a7949f34b52d8ec7bb59c0d74ba08ba6cb9ce9adc1d8676d9526"},
|
||||
{file = "Flask-2.2.2.tar.gz", hash = "sha256:642c450d19c4ad482f96729bd2a8f6d32554aa1e231f4f6b4e7e5264b16cca2b"},
|
||||
{file = "Flask-2.2.5-py3-none-any.whl", hash = "sha256:58107ed83443e86067e41eff4631b058178191a355886f8e479e347fa1285fdf"},
|
||||
{file = "Flask-2.2.5.tar.gz", hash = "sha256:edee9b0a7ff26621bd5a8c10ff484ae28737a2410d99b0bb9a6850c7fb977aa0"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
|
@ -2775,21 +2772,21 @@ test = ["covdefaults (>=2.2.2)", "coverage (>=7.1)", "coverage-enable-subprocess
|
|||
|
||||
[[package]]
|
||||
name = "werkzeug"
|
||||
version = "2.2.3"
|
||||
version = "2.3.4"
|
||||
description = "The comprehensive WSGI web application library."
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
python-versions = ">=3.8"
|
||||
files = [
|
||||
{file = "Werkzeug-2.2.3-py3-none-any.whl", hash = "sha256:56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612"},
|
||||
{file = "Werkzeug-2.2.3.tar.gz", hash = "sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe"},
|
||||
{file = "Werkzeug-2.3.4-py3-none-any.whl", hash = "sha256:48e5e61472fee0ddee27ebad085614ebedb7af41e88f687aaf881afb723a162f"},
|
||||
{file = "Werkzeug-2.3.4.tar.gz", hash = "sha256:1d5a58e0377d1fe39d061a5de4469e414e78ccb1e1e59c0f5ad6fa1c36c52b76"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
MarkupSafe = ">=2.1.1"
|
||||
|
||||
[package.extras]
|
||||
watchdog = ["watchdog"]
|
||||
watchdog = ["watchdog (>=2.3)"]
|
||||
|
||||
[[package]]
|
||||
name = "wtforms"
|
||||
|
@ -2842,4 +2839,4 @@ tests-strict = ["codecov (==2.0.15)", "pytest (==4.6.0)", "pytest (==4.6.0)", "p
|
|||
[metadata]
|
||||
lock-version = "2.0"
|
||||
python-versions = ">=3.10,<3.12"
|
||||
content-hash = "1fed761926079e9c88b1568c8f083f5fdb785a868a0597721eae4eea582bfa10"
|
||||
content-hash = "67863394f8de94eaddd20964ae383c6dc3416bbdec623e399b5a8a0d163e5178"
|
||||
|
|
|
@ -18,7 +18,7 @@ Changelog = "https://github.com/sartography/spiffworkflow-backend/releases"
|
|||
[tool.poetry.dependencies]
|
||||
python = ">=3.10,<3.12"
|
||||
click = "^8.0.1"
|
||||
flask = "2.2.2"
|
||||
flask = "2.2.5"
|
||||
flask-admin = "*"
|
||||
flask-bcrypt = "*"
|
||||
flask-cors = "*"
|
||||
|
|
Loading…
Reference in New Issue