Bump flask for safety (#304)

* Bump flask for safety

* let snyk check flask again w/ burnettk

* attempt to use the same revision for front w/ burnettk

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
jbirddog 2023-06-06 20:33:48 -04:00 committed by GitHub
parent c86a7207d8
commit 122d1efbda
4 changed files with 31 additions and 29 deletions


@ -22,6 +22,7 @@ jobs:
with: with:
# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud # Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
fetch-depth: 0 fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha }}
- name: Setup Node - name: Setup Node
uses: actions/setup-node@v3 uses: actions/setup-node@v3
with: with:
@ -64,6 +65,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
ref: ${{ github.event.workflow_run.head_sha }}
- name: Checkout Samples - name: Checkout Samples
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
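Review bot: Both checkout steps now take `ref: ${{ github.event.workflow_run.head_sha }}`, so under a `workflow_run` trigger the jobs build the commit of the upstream run, which may come from a fork pull request, while running with this repository's secrets and token. The trigger and the steps that consume secrets are outside the hunks, so this needs confirming against the full workflow. If fork-triggered runs are possible, gate the jobs with `if: github.event.workflow_run.head_repository.full_name == github.repository`, or add `persist-credentials: false` under each `with:` and keep tokens out of steps that execute the checked-out code. A short comment above each `ref:` line, e.g. `# analyse the commit that triggered the upstream run, not the default branch`, would also explain why the ref is overridden.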


@ -1,10 +1,12 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0 version: v1.25.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date # ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore: #
SNYK-PYTHON-FLASK-5490129: # leaving for documenting how to ignore items
- '*': # ignore:
reason: Filed ticket to upgrade flask # SNYK-PYTHON-FLASK-5490129:
expires: 2024-06-02T14:48:14.372Z # - '*':
created: 2023-05-03T14:48:14.379Z # reason: Filed ticket to upgrade flask
# expires: 2024-06-02T14:48:14.372Z
# created: 2023-05-03T14:48:14.379Z
patch: {} patch: {}
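Review bot: The commented-out example keeps an `expires` value more than a year after `created`, so anyone who copies it to silence a new finding will suppress it for that long by default. Suggest extending the comment above `# ignore:` to something like `# example only: set a short expiry and name the tracking ticket in reason`, so the template pushes toward short-lived, traceable ignores.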


@ -179,19 +179,16 @@ uvloop = ["uvloop (>=0.15.2)"]
[[package]] [[package]]
name = "blinker" name = "blinker"
version = "1.6" version = "1.6.2"
description = "Fast, simple object-to-object and broadcast signaling" description = "Fast, simple object-to-object and broadcast signaling"
category = "main" category = "main"
optional = false optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
files = [ files = [
{file = "blinker-1.6-py3-none-any.whl", hash = "sha256:eeebd5dfc782e1817fe4261ce79936c8c8cefb90d685caf50cec458029f773c1"}, {file = "blinker-1.6.2-py3-none-any.whl", hash = "sha256:c3d739772abb7bc2860abf5f2ec284223d9ad5c76da018234f6f50d6f31ab1f0"},
{file = "blinker-1.6.tar.gz", hash = "sha256:5874afe21df4bae8885d31a0a6c4b5861910a575eae6176f051fbb9a6571481b"}, {file = "blinker-1.6.2.tar.gz", hash = "sha256:4afd3de66ef3a9f8067559fb7a1cbe555c17dcbe15971b05d1b625c3e7abe213"},
] ]
[package.dependencies]
typing-extensions = "*"
[[package]] [[package]]
name = "certifi" name = "certifi"
version = "2022.12.7" version = "2022.12.7"
@ -439,19 +436,19 @@ testing = ["flake8 (<5)", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-chec
[[package]] [[package]]
name = "connexion" name = "connexion"
version = "2.14.2" version = "2.14.1"
description = "Connexion - API first applications with OpenAPI/Swagger and Flask" description = "Connexion - API first applications with OpenAPI/Swagger and Flask"
category = "main" category = "main"
optional = false optional = false
python-versions = ">=3.6" python-versions = ">=3.6"
files = [ files = [
{file = "connexion-2.14.2-py2.py3-none-any.whl", hash = "sha256:a73b96a0e07b16979a42cde7c7e26afe8548099e352cf350f80c57185e0e0b36"}, {file = "connexion-2.14.1-py2.py3-none-any.whl", hash = "sha256:f343717241b4c4802a694c38fee66fb1693c897fe4ea5a957fa9b3b07caf6394"},
{file = "connexion-2.14.2.tar.gz", hash = "sha256:dbc06f52ebeebcf045c9904d570f24377e8bbd5a6521caef15a06f634cf85646"}, {file = "connexion-2.14.1.tar.gz", hash = "sha256:99aa5781e70a7b94f8ffae8cf89f309d49cdb811bbd65a8e2f2546f3b19a01e6"},
] ]
[package.dependencies] [package.dependencies]
clickclick = ">=1.2,<21" clickclick = ">=1.2,<21"
flask = ">=1.0.4,<2.3" flask = ">=1.0.4,<3"
inflection = ">=0.3.1,<0.6" inflection = ">=0.3.1,<0.6"
itsdangerous = ">=0.24" itsdangerous = ">=0.24"
jsonschema = ">=2.5.1,<5" jsonschema = ">=2.5.1,<5"
@ -459,14 +456,14 @@ packaging = ">=20"
PyYAML = ">=5.1,<7" PyYAML = ">=5.1,<7"
requests = ">=2.9.1,<3" requests = ">=2.9.1,<3"
swagger-ui-bundle = {version = ">=0.0.2,<0.1", optional = true, markers = "extra == \"swagger-ui\""} swagger-ui-bundle = {version = ">=0.0.2,<0.1", optional = true, markers = "extra == \"swagger-ui\""}
werkzeug = ">=1.0,<2.3" werkzeug = ">=1.0,<3"
[package.extras] [package.extras]
aiohttp = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)"] aiohttp = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)"]
docs = ["sphinx-autoapi (==1.8.1)"] docs = ["sphinx-autoapi (==1.8.1)"]
flask = ["flask (>=1.0.4,<2.3)", "itsdangerous (>=0.24)"] flask = ["flask (>=1.0.4,<3)", "itsdangerous (>=0.24)"]
swagger-ui = ["swagger-ui-bundle (>=0.0.2,<0.1)"] swagger-ui = ["swagger-ui-bundle (>=0.0.2,<0.1)"]
tests = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)", "aiohttp-remotes", "decorator (>=5,<6)", "flask (>=1.0.4,<2.3)", "itsdangerous (>=0.24)", "pytest (>=6,<7)", "pytest-aiohttp", "pytest-cov (>=2,<3)", "swagger-ui-bundle (>=0.0.2,<0.1)", "testfixtures (>=6,<7)"] tests = ["MarkupSafe (>=0.23)", "aiohttp (>=2.3.10,<4)", "aiohttp-jinja2 (>=0.14.0,<2)", "aiohttp-remotes", "decorator (>=5,<6)", "flask (>=1.0.4,<3)", "itsdangerous (>=0.24)", "pytest (>=6,<7)", "pytest-aiohttp", "pytest-cov (>=2,<3)", "swagger-ui-bundle (>=0.0.2,<0.1)", "testfixtures (>=6,<7)"]
[[package]] [[package]]
name = "coverage" name = "coverage"
@ -664,14 +661,14 @@ testing = ["covdefaults (>=2.3)", "coverage (>=7.2.2)", "diff-cover (>=7.5)", "p
[[package]] [[package]]
name = "flask" name = "flask"
version = "2.2.2" version = "2.2.5"
description = "A simple framework for building complex web applications." description = "A simple framework for building complex web applications."
category = "main" category = "main"
optional = false optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
files = [ files = [
{file = "Flask-2.2.2-py3-none-any.whl", hash = "sha256:b9c46cc36662a7949f34b52d8ec7bb59c0d74ba08ba6cb9ce9adc1d8676d9526"}, {file = "Flask-2.2.5-py3-none-any.whl", hash = "sha256:58107ed83443e86067e41eff4631b058178191a355886f8e479e347fa1285fdf"},
{file = "Flask-2.2.2.tar.gz", hash = "sha256:642c450d19c4ad482f96729bd2a8f6d32554aa1e231f4f6b4e7e5264b16cca2b"}, {file = "Flask-2.2.5.tar.gz", hash = "sha256:edee9b0a7ff26621bd5a8c10ff484ae28737a2410d99b0bb9a6850c7fb977aa0"},
] ]
[package.dependencies] [package.dependencies]
@ -2775,21 +2772,21 @@ test = ["covdefaults (>=2.2.2)", "coverage (>=7.1)", "coverage-enable-subprocess
[[package]] [[package]]
name = "werkzeug" name = "werkzeug"
version = "2.2.3" version = "2.3.4"
description = "The comprehensive WSGI web application library." description = "The comprehensive WSGI web application library."
category = "main" category = "main"
optional = false optional = false
python-versions = ">=3.7" python-versions = ">=3.8"
files = [ files = [
{file = "Werkzeug-2.2.3-py3-none-any.whl", hash = "sha256:56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612"}, {file = "Werkzeug-2.3.4-py3-none-any.whl", hash = "sha256:48e5e61472fee0ddee27ebad085614ebedb7af41e88f687aaf881afb723a162f"},
{file = "Werkzeug-2.2.3.tar.gz", hash = "sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe"}, {file = "Werkzeug-2.3.4.tar.gz", hash = "sha256:1d5a58e0377d1fe39d061a5de4469e414e78ccb1e1e59c0f5ad6fa1c36c52b76"},
] ]
[package.dependencies] [package.dependencies]
MarkupSafe = ">=2.1.1" MarkupSafe = ">=2.1.1"
[package.extras] [package.extras]
watchdog = ["watchdog"] watchdog = ["watchdog (>=2.3)"]
[[package]] [[package]]
name = "wtforms" name = "wtforms"
@ -2842,4 +2839,4 @@ tests-strict = ["codecov (==2.0.15)", "pytest (==4.6.0)", "pytest (==4.6.0)", "p
[metadata] [metadata]
lock-version = "2.0" lock-version = "2.0"
python-versions = ">=3.10,<3.12" python-versions = ">=3.10,<3.12"
content-hash = "1fed761926079e9c88b1568c8f083f5fdb785a868a0597721eae4eea582bfa10" content-hash = "67863394f8de94eaddd20964ae383c6dc3416bbdec623e399b5a8a0d163e5178"


@ -18,7 +18,7 @@ Changelog = "https://github.com/sartography/spiffworkflow-backend/releases"
[tool.poetry.dependencies] [tool.poetry.dependencies]
python = ">=3.10,<3.12" python = ">=3.10,<3.12"
click = "^8.0.1" click = "^8.0.1"
flask = "2.2.2" flask = "2.2.5"
flask-admin = "*" flask-admin = "*"
flask-bcrypt = "*" flask-bcrypt = "*"
flask-cors = "*" flask-cors = "*"