diff --git a/CHANGES.rst b/CHANGES.rst
index 7eb23785..371103f4 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -9,7 +9,16 @@ Changes
 `Unreleased `_ (latest)
 ------------------------------------------------------------------------------------
-* Nothing new for the moment.
+Features / Changes
+~~~~~~~~~~~~~~~~~~~~~
+
+* Update docker with latest ``python:3.11-alpine3.20`` base.
+* Pin ``setuptools>=71.0.3`` for CVE-2024-6345.
+* Pin ``requests>=2.32.3`` for CVE-2024-35195.
+* Pin ``urllib3>=2.2.2`` for CVE-2024-37891.
+* Pin ``zipp>=3.19.1`` for CVE-2024-5569.
+* Pin ``pyramid-twitcher>=0.10.0`` and ``birdhouse/twitcher:v0.10.0`` for same security updates as above
+  (relates to `bird-house/twitcher#136 `_).
 .. _changes_4.1.0:
diff --git a/Dockerfile b/Dockerfile
index 09494f11..a1d8ea92 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11-alpine3.19
+FROM python:3.11-alpine3.20
 LABEL Description="Runs Magpie AuthN/AuthZ service for REST-API and UI interfaces."
 LABEL Maintainer="Francis Charette-Migneault "
 LABEL Vendor="CRIM"
diff --git a/Dockerfile.adapter b/Dockerfile.adapter
index 8580493c..44e01c08 100644
--- a/Dockerfile.adapter
+++ b/Dockerfile.adapter
@@ -3,7 +3,7 @@
 # docker run will need to override ini file with mounted volume
 # using config 'twitcher.adapter = magpie.adapter.MagpieAdapter'
 #
-FROM birdhouse/twitcher:v0.9.0
+FROM birdhouse/twitcher:v0.10.0
 LABEL Description="Configures MagpieAdapter on top of Twitcher application."
 LABEL Maintainer="Francis Charette-Migneault "
 LABEL Vendor="CRIM"
diff --git a/requirements-dev.txt b/requirements-dev.txt
index bcca6abf..b28f4250 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -14,7 +14,7 @@ mock>4
 pylint>=2.11,!=2.12,!=2.15
 pylint-quotes
 # bird-house/twticher, must match version in Dockerfile.adapater
-pyramid-twitcher>=0.9.0
+pyramid-twitcher>=0.10.0
 pytest
 safety
 tox>=3.0
diff --git a/requirements-doc.txt b/requirements-doc.txt
index 8f20d6fb..f030237d 100644
--- a/requirements-doc.txt
+++ b/requirements-doc.txt
@@ -2,6 +2,7 @@
 # these are doc-only requirements
 # we actually need to install all requirements during docs build because of OpenAPI generation
 # (see 'docs/conf.py')
+-r requirements.txt
 astroid<2.12 # pin to resolve sphinx-autoapi (see https://github.com/readthedocs/sphinx-autoapi/issues/349)
 pycodestyle>=2.6.0,<3 # sphinx-autoapi dropped 3.5 support at 1.3.0
diff --git a/requirements-sys.txt b/requirements-sys.txt
index 540f0dd5..18a014bc 100644
--- a/requirements-sys.txt
+++ b/requirements-sys.txt
@@ -1,2 +1,3 @@
 pip
-setuptools>=65.5.1
+packaging>=22.0
+setuptools>=71.0.3
diff --git a/requirements.txt b/requirements.txt
index cea426e4..196be30e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ pyramid_retry==2.1.1
 pyramid_tm>=2.2.1
 python-dotenv
 pyyaml>=5.1
-requests
+requests>=2.32.3
 requests_file
 simplejson
 six>=1.12.0
@@ -36,8 +36,10 @@ sqlalchemy-utils==0.39.0 # pyup: ignore
 threddsclient>=0.4.2
 transaction
 typing_extensions
+urllib3>=2.2.2
 wheel>=0.38
 webob
 ziggurat_foundations==0.9.1
 zope.interface>=4.7.2,<5
 zope.sqlalchemy==1.6
+zipp>=3.19.1
diff --git a/setup.py b/setup.py
index b922df83..aafb3b8e 100644
--- a/setup.py
+++ b/setup.py
@@ -217,7 +217,7 @@ def _extra_requirements(base_requirements, other_requirements):
         "Programming Language :: Python :: 3.11",
         "Programming Language :: Python :: 3.12",
     ],
-    python_requires=">=3.5, <4",
+    python_requires=">=3.8, <4",
     # -- Package structure -------------------------------------------------
     packages=[__meta__.__package__],
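Review bot: The header comment `# these are doc-only requirements` just above the added `-r requirements.txt` is no longer accurate, because this file now pulls in the entire runtime dependency set rather than documentation tooling only. The two following comment lines already explain the reason (OpenAPI generation in `docs/conf.py`), so the first line should be brought in line with them, e.g. `# doc-build requirements; the full runtime set is included below via '-r requirements.txt'`. It is also worth a short remark in that comment that any version floor or CVE pin in requirements.txt now applies to the docs environment too, since whoever builds the docs (e.g. a hosted docs service) will install all of it.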
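Review bot: `packaging>=22.0` is introduced in requirements-sys.txt with no inline comment saying why it is needed, and unlike the other four new pins it is not mentioned in the CHANGES.rst entry of this commit. Please either add the reason next to it, e.g. `packaging>=22.0  # TODO: record why this floor is needed (build-time requirement of setuptools>=71?)`, or drop it if it was only carried over from a local environment; the relationship to setuptools is a guess on my part, not something the diff shows. Note also that `setuptools>=71.0.3` is only a lower bound: it keeps the CVE-2024-6345 releases out but leaves the resolver free to pick any later version, and it only takes effect if the image build actually upgrades setuptools from this file before anything else is installed, which is not visible in the Dockerfile hunk. If a reproducible build is the goal, a lock file or a hash-checked install (`pip install --require-hashes`) is the stronger control.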
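Review bot: `urllib3>=2.2.2` and `zipp>=3.19.1` are added to requirements.txt as top-level entries, yet nothing in the file records that they are transitive dependencies listed only to raise the CVE floor, so a later cleanup of "unused" requirements could drop them silently and reopen the issue. Suggest annotating them in the same style as the existing `# pyup: ignore` markers: `urllib3>=2.2.2  # transitive (requests); floor for CVE-2024-37891` and `zipp>=3.19.1  # transitive; floor for CVE-2024-5569`. The same applies to `requests>=2.32.3` in the first hunk, which would read better with `# floor for CVE-2024-35195`. All three are lower bounds only: they exclude the known-vulnerable releases but do not fix what gets installed, so the actual version in the image still depends on resolution at build time; a lock file or hash-pinned install would make the fix verifiable.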