Bump flask for safety (#304)

* Bump flask for safety

* let snyk check flask again w/ burnettk

* attempt to use the same revision for front w/ burnettk

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
jbirddog 2023-06-06 20:33:48 -04:00 committed by GitHub
parent c86a7207d8
commit 122d1efbda
4 changed files with 31 additions and 29 deletions


@ -22,6 +22,7 @@ jobs:
with:
# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha }}
- name: Setup Node
uses: actions/setup-node@v3
with:
@ -64,6 +65,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.workflow_run.head_sha }}
- name: Checkout Samples
uses: actions/checkout@v3
with:
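Review bot: The added `ref: ${{ github.event.workflow_run.head_sha }}` on both checkouts makes these jobs build whichever commit triggered the upstream run, and a `workflow_run` workflow normally executes with the base repository's secrets and token. The trigger definition and the later steps are outside these hunks, so this is inferred: if the upstream workflow also runs for pull requests from forks, contributor-controlled code is checked out and then handled by Setup Node and the analysis steps in that privileged context. I would gate the jobs with `if: github.event.workflow_run.head_repository.full_name == github.repository`, or keep the secret-bearing steps away from the checked-out tree. I would also add `persist-credentials: false` under each `with:` so the token is not left in the workspace git config.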


@ -1,10 +1,12 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
SNYK-PYTHON-FLASK-5490129:
- '*':
reason: Filed ticket to upgrade flask
expires: 2024-06-02T14:48:14.372Z
created: 2023-05-03T14:48:14.379Z
#
# leaving for documenting how to ignore items
# ignore:
# SNYK-PYTHON-FLASK-5490129:
# - '*':
# reason: Filed ticket to upgrade flask
# expires: 2024-06-02T14:48:14.372Z
# created: 2023-05-03T14:48:14.379Z
patch: {}
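Review bot: The commented-out template kept "for documenting how to ignore items" still shows a `'*'` path and an `expires` about thirteen months after `created`, so anyone copying it suppresses a finding on every dependency path for over a year. Since the block is now only an example, I would swap the real advisory id and dates for obvious placeholders and put guidance above it, e.g. `# example only: scope the path, keep expires short, and link the tracking ticket in reason`. The lone `#` line before the template can be dropped.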


@ -179,19 +179,16 @@ uvloop = ["uvloop (>=0.15.2)"]
[[package]]
name = "blinker"
version = "1.6"
version = "1.6.2"
description = "Fast, simple object-to-object and broadcast signaling"
category = "main"
optional = false
python-versions = ">=3.7"
files = [
{file = "blinker-1.6-py3-none-any.whl", hash = "sha256:eeebd5dfc782e1817fe4261ce79936c8c8cefb90d685caf50cec458029f773c1"},
{file = "blinker-1.6.tar.gz", hash = "sha256:5874afe21df4bae8885d31a0a6c4b5861910a575eae6176f051fbb9a6571481b"},
{file = "blinker-1.6.2-py3-none-any.whl", hash = "sha256:c3d739772abb7bc2860abf5f2ec284223d9ad5c76da018234f6f50d6f31ab1f0"},
{file = "blinker-1.6.2.tar.gz", hash = "sha256:4afd3de66ef3a9f8067559fb7a1cbe555c17dcbe15971b05d1b625c3e7abe213"},
]
[package.dependencies]
typing-extensions = "*"
[[package]]
name = "certifi"
version = "2022.12.7"
@ -439,19 +436,19 @@ testing = ["flake8 (<5)", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-chec
[[package]]
name = "connexion"
version = "2.14.2"
version = "2.14.1"
description = "Connexion - API first applications with OpenAPI/Swagger and Flask"
category = "main"
optional = false
python-versions = ">=3.6"
files = [
{file = "connexion-2.14.2-py2.py3-none-any.whl", hash = "sha256:a73b96a0e07b16979a42cde7c7e26afe8548099e352cf350f80c57185e0e0b36"},
{file = "connexion-2.14.2.tar.gz", hash = "sha256:dbc06f52ebeebcf045c9904d570f24377e8bbd5a6521caef15a06f634cf85646"},
{file = "connexion-2.14.1-py2.py3-none-any.whl", hash = "sha256:f343717241b4c4802a694c38fee66fb1693c897fe4ea5a957fa9b3b07caf6394"},
{file = "connexion-2.14.1.tar.gz", hash = "sha256:99aa5781e70a7b94f8ffae8cf89f309d49cdb811bbd65a8e2f2546f3b19a01e6"},
]
[package.dependencies]
clickclick = ">=1.2,<21"
flask = ">=1.0.4,<2.3"
flask = ">=1.0.4,<3"
inflection = ">=0.3.1,<0.6"
itsdangerous = ">=0.24"
jsonschema = ">=2.5.1,<5"
@ -459,14 +456,14 @@ packaging = ">=20"
PyYAML = ">=5.1,<7"
requests = ">=2.9.1,<3"
swagger-ui-bundle = {version = ">=0.0.2,<0.1", optional = true, markers = "extra == \"swagger-ui\""}
werkzeug = ">=1.0,<2.3"
werkzeug = ">=1.0,<3"
[package.extras]
aiohttp = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)"]
docs = ["sphinx-autoapi (==1.8.1)"]
flask = ["flask (>=1.0.4,<2.3)", "itsdangerous (>=0.24)"]
flask = ["flask (>=1.0.4,<3)", "itsdangerous (>=0.24)"]
swagger-ui = ["swagger-ui-bundle (>=0.0.2,<0.1)"]
tests = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)", "aiohttp-remotes", "decorator (>=5,<6)", "flask (>=1.0.4,<2.3)", "itsdangerous (>=0.24)", "pytest (>=6,<7)", "pytest-aiohttp", "pytest-cov (>=2,<3)", "swagger-ui-bundle (>=0.0.2,<0.1)", "testfixtures (>=6,<7)"]
tests = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)", "aiohttp-remotes", "decorator (>=5,<6)", "flask (>=1.0.4,<3)", "itsdangerous (>=0.24)", "pytest (>=6,<7)", "pytest-aiohttp", "pytest-cov (>=2,<3)", "swagger-ui-bundle (>=0.0.2,<0.1)", "testfixtures (>=6,<7)"]
[[package]]
name = "coverage"
@ -664,14 +661,14 @@ testing = ["covdefaults (>=2.3)", "coverage (>=7.2.2)", "diff-cover (>=7.5)", "p
[[package]]
name = "flask"
version = "2.2.2"
version = "2.2.5"
description = "A simple framework for building complex web applications."
category = "main"
optional = false
python-versions = ">=3.7"
files = [
{file = "Flask-2.2.2-py3-none-any.whl", hash = "sha256:b9c46cc36662a7949f34b52d8ec7bb59c0d74ba08ba6cb9ce9adc1d8676d9526"},
{file = "Flask-2.2.2.tar.gz", hash = "sha256:642c450d19c4ad482f96729bd2a8f6d32554aa1e231f4f6b4e7e5264b16cca2b"},
{file = "Flask-2.2.5-py3-none-any.whl", hash = "sha256:58107ed83443e86067e41eff4631b058178191a355886f8e479e347fa1285fdf"},
{file = "Flask-2.2.5.tar.gz", hash = "sha256:edee9b0a7ff26621bd5a8c10ff484ae28737a2410d99b0bb9a6850c7fb977aa0"},
]
[package.dependencies]
@ -2775,21 +2772,21 @@ test = ["covdefaults (>=2.2.2)", "coverage (>=7.1)", "coverage-enable-subprocess
[[package]]
name = "werkzeug"
version = "2.2.3"
version = "2.3.4"
description = "The comprehensive WSGI web application library."
category = "main"
optional = false
python-versions = ">=3.7"
python-versions = ">=3.8"
files = [
{file = "Werkzeug-2.2.3-py3-none-any.whl", hash = "sha256:56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612"},
{file = "Werkzeug-2.2.3.tar.gz", hash = "sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe"},
{file = "Werkzeug-2.3.4-py3-none-any.whl", hash = "sha256:48e5e61472fee0ddee27ebad085614ebedb7af41e88f687aaf881afb723a162f"},
{file = "Werkzeug-2.3.4.tar.gz", hash = "sha256:1d5a58e0377d1fe39d061a5de4469e414e78ccb1e1e59c0f5ad6fa1c36c52b76"},
]
[package.dependencies]
MarkupSafe = ">=2.1.1"
[package.extras]
watchdog = ["watchdog"]
watchdog = ["watchdog (>=2.3)"]
[[package]]
name = "wtforms"
@ -2842,4 +2839,4 @@ tests-strict = ["codecov (==2.0.15)", "pytest (==4.6.0)", "pytest (==4.6.0)", "p
[metadata]
lock-version = "2.0"
python-versions = ">=3.10,<3.12"
content-hash = "1fed761926079e9c88b1568c8f083f5fdb785a868a0597721eae4eea582bfa10"
content-hash = "67863394f8de94eaddd20964ae383c6dc3416bbdec623e399b5a8a0d163e5178"


@ -18,7 +18,7 @@ Changelog = "https://github.com/sartography/spiffworkflow-backend/releases"
[tool.poetry.dependencies]
python = ">=3.10,<3.12"
click = "^8.0.1"
flask = "2.2.2"
flask = "2.2.5"
flask-admin = "*"
flask-bcrypt = "*"
flask-cors = "*"