SYS-576 more dependency updates for python-builder / python-wsgi
instantlinux committed Aug 8, 2023
1 parent 5ff8f16 commit 34646fb
Showing 7 changed files with 39 additions and 192 deletions.
1 change: 1 addition & 0 deletions .image-gitlab-ci.yml
@@ -57,6 +57,7 @@ security_scan_trivy:
- trivy image "${REGISTRY}/${IMAGE}:${TAG}" --severity LOW,MEDIUM
--exit-code 0 --format table --output medium-vulns.txt
- cat medium-vulns.txt
- echo CVE-2023-2253 > .trivyignore
- trivy image "${REGISTRY}/${IMAGE}:${TAG}"
cache:
paths: [ .trivycache ]
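Review bot: The added `echo CVE-2023-2253 > .trivyignore` step suppresses this CVE for every image built through this shared job, and the `>` redirect overwrites any `.trivyignore` a project has committed, so project-level entries are dropped just before the blocking scan runs. Nothing in the job records why the finding is accepted or when it should be revisited. Consider appending instead, `- echo CVE-2023-2253 >> .trivyignore`, and adding a comment above it such as `# CVE-2023-2253: <reason it does not apply>; remove once <fixed package version> is in the base image`. The job definition starts above the hunk, so earlier steps are not visible here.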
2 changes: 1 addition & 1 deletion images/python-builder/Dockerfile
@@ -46,7 +46,7 @@ RUN addgroup -g $DOCKER_GID docker && \
py3-pycryptodomex py3-greenlet \
py3-itsdangerous py3-jinja2 py3-ldap3 py3-passlib \
py3-pillow=$PYPILLOW_VERSION py3-pip py3-requests py3-virtualenv \
py3-werkzeug helm=$HELM_VERSION sqlite tar tzdata wget && \
py3-werkzeug helm=$HELM_VERSION sqlite tar tzdata wget libssl1.1 libcrypto1.1 && \
cp /usr/share/zoneinfo/$TZ /etc/localtime && \
echo $TZ >/etc/timezone && \
mkdir -p /usr/lib/docker/cli-plugins && \
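Review bot: `libssl1.1 libcrypto1.1` are added to the apk package list with no version pin and no record of which binary needs them, while neighbouring entries such as `helm=$HELM_VERSION` and `py3-pillow=$PYPILLOW_VERSION` are pinned. These appear to be the OpenSSL 1.1 runtime libraries, and upstream support for the 1.1.1 series ended in September 2023, so they are likely to become a standing source of scanner findings in the builder image. A comment above the RUN instruction, for example `# libssl1.1/libcrypto1.1: required by <consumer>; drop when it links against OpenSSL 3`, would make the dependency removable later. The RUN instruction starts and ends outside the hunk.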
9 changes: 7 additions & 2 deletions images/python-builder/Pipfile
@@ -5,7 +5,8 @@

[packages]
# alpine provides pre-built wheels for these
Authlib = "==1.2.0"
# loads of breaking changes in 1.2
Authlib = "<1.0.0"
babel = "==2.12.1"
boto3 = "==1.26.132"
botocore = "==1.29.132"
@@ -33,7 +34,7 @@ alembic = "*"
arrow = "*"
b2sdk = "*"
celery = "*"
connexion = "==2.7.0"
connexion = "*"
"connexion[swagger-ui]" = "*"
coverage = "*"
docopt = "*"
@@ -57,3 +58,7 @@ swagger-ui-bundle = "*"
twine = "*"
urllib3 = "*"
wheel = "*"

# Transitive dependencies
# for jsonschema-spec 0.2.3
referencing = "<0.30.0"
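Review bot: The new cap `Authlib = "<1.0.0"` does not match the comment added above it, which attributes the breakage to 1.2; as written it also excludes the 1.0 and 1.1 releases and keeps an authentication library on the pre-1.0 line, where later fixes may not be backported. If only 1.2 is incompatible, `Authlib = "<1.2.0"` would be the narrower constraint; otherwise the comment should name the first breaking release. The entry also sits under `# alpine provides pre-built wheels for these`, where the other visible entries are exact pins, so a range here resolves to whatever the next lock finds. The same change is made in images/python-wsgi/Pipfile.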
104 changes: 11 additions & 93 deletions images/python-builder/Pipfile.lock
9 changes: 7 additions & 2 deletions images/python-wsgi/Pipfile
@@ -5,7 +5,8 @@

[packages]
# alpine provides pre-built wheels for these
Authlib = "==1.2.0"
# loads of breaking changes in 1.2
Authlib = "<1.0.0"
babel = "==2.12.1"
boto3 = "==1.26.132"
botocore = "==1.29.132"
@@ -34,7 +35,7 @@ werkzeug = "==2.2.3"
alembic = "*"
b2sdk = "*"
celery = "*"
connexion = "==2.7.0"
connexion = "*"
"connexion[swagger-ui]" = "*"
docopt = "*"
dollar-ref = "*"
@@ -49,3 +50,7 @@ SQLAlchemy = "<1.4.0"
SQLAlchemy-Utils = "*"
swagger-ui-bundle = "*"
urllib3 = "*"

# Transitive dependencies
# for jsonschema-spec 0.2.3
referencing = "<0.30.0"
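Review bot: `connexion = "*"` replaces the exact pin in the image that serves requests, so the version is now decided only by Pipfile.lock and the next re-lock may pull a new major release of the framework that handles request validation. A bounded specifier, `connexion = ">=<tested version>,<next major>"` (placeholders), keeps re-locks inside the series that was tested. The new `referencing = "<0.30.0"` entry suggests that unbounded resolution has already required a manual cap in this file. The same unpinning appears in images/python-builder/Pipfile.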