🔒️🔨 Upgrades redis-py to mitigate Race Condition vulnerability (#4141)

requirements/constraints.txt

@@ -4,9 +4,10 @@
 #   - breaking changes
 #   - known bugs/malfunction
 #   - coordination (e.g. enforce same library in the entire repository)
+#   - blocked libraries (specify why)
 
 #
-# Vulnerabilities
+# Vulnerabilities -----------------------------------------------------------------------------------------
 #
 aiohttp>=3.7.4                                # https://github.com/advisories/GHSA-v6wp-4m6f-gcjg
 cryptography>=39.0.1                          # https://github.com/advisories/GHSA-x4qr-2fvf-3mr5  Mar.2023
@@ -18,18 +19,14 @@ py>=1.11.0                                    # https://github.com/advisories/GH
 pydantic>=1.8.2                               # https://github.com/advisories/GHSA-5jqp-qgf6-3pvh
 pyyaml>=5.4                                   # https://github.com/advisories/GHSA-8q59-q68h-6hv4
 rsa>=4.1                                      # https://github.com/advisories/GHSA-537h-rv9q-vvph
+redis>=4.5.4                                  # https://github.com/advisories/GHSA-24wv-mv5m-xv4h
 sqlalchemy>=1.3.3                             # https://nvd.nist.gov/vuln/detail/CVE-2019-7164
 ujson>=5.4.0                                  # https://github.com/advisories/GHSA-fh56-85cw-5pq6, https://github.com/advisories/GHSA-wpqr-jcpx-745r
 urllib3>=1.26.5                               # https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
 
-# Blocked https://github.com/Pennsieve/pennsieve-python/issues/17
-# protobuf                                    # https://github.com/advisories/GHSA-8gq9-2x98-w8hf
-
-
-
 
 #
-# Breaking changes
+# Breaking changes -----------------------------------------------------------------------------------------
 #
 
 
@@ -38,15 +35,18 @@ urllib3>=1.26.5                               # https://github.com/advisories/GH
 sqlalchemy<2.0
 
 
+
 #
 # Bugs
 #
 
 # FIXME: minio 7.1.0 does not delete objects. SEE
 minio==7.0.4
 
+
+
 #
-# Compatibility/coordination
+# Compatibility/coordination -----------------------------------------------------------------------------------------
 #
 
 
@@ -68,3 +68,17 @@ importlib-metadata ; python_version < '3.8'
 importlib-resources ; python_version < '3.9'
 typing-extensions ; python_version < '3.7'
 zipp ; python_version < '3.7'
+
+
+
+#
+# Blocked -----------------------------------------------------------------------------------------
+#
+
+# We use aiofiles (with s) and NOT thisone.
+aiofile>=999999999
+
+# Dependencies were blocking updates. Instead or using the python client we
+# directly use http calls.
+# SEE https://github.com/Pennsieve/pennsieve-python/issues/17
+pennsieve>=999999999

services/agent/requirements/_base.txt

@@ -83,7 +83,7 @@ python-dateutil==2.8.2
     # via arrow
 pyyaml==5.4.1
     # via -r requirements/../../../packages/service-library/requirements/_base.in
-redis==4.4.0
+redis==4.5.4
     # via -r requirements/../../../packages/service-library/requirements/_base.in
 six==1.16.0
     # via

services/api-server/requirements/_base.txt

@@ -183,10 +183,8 @@ pyyaml==5.4.1
     #   -r requirements/_base.in
     #   fastapi
     #   uvicorn
-redis==4.4.0
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/_base.in
+redis==4.5.4
+    # via -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/_base.in
 requests==2.27.1
     # via fastapi
 rfc3986==1.5.0

services/autoscaling/requirements/_test.txt

@@ -221,9 +221,7 @@ pyyaml==5.4.1
     #   openapi-spec-validator
     #   responses
 redis==4.5.4
-    # via
-    #   -c requirements/_base.txt
-    #   fakeredis
+    # via fakeredis
 regex==2023.3.23
     # via cfn-lint
 requests==2.28.2

services/catalog/requirements/_base.txt

@@ -153,10 +153,8 @@ pyyaml==5.4.1
     #   -r requirements/_base.in
     #   fastapi
     #   uvicorn
-redis==4.4.0
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/../../../packages/service-library/requirements/_base.in
+redis==4.5.4
+    # via -r requirements/../../../packages/service-library/requirements/_base.in
 requests==2.27.1
     # via fastapi
 rfc3986==1.4.0

services/dask-sidecar/requirements/_base.txt

@@ -158,7 +158,7 @@ pyyaml==5.4.1
     #   dask
     #   dask-gateway
     #   distributed
-redis==4.5.1
+redis==4.5.4
     # via -r requirements/../../../packages/service-library/requirements/_base.in
 requests==2.28.2
     # via fsspec

services/datcore-adapter/requirements/_base.txt

@@ -130,10 +130,8 @@ pyyaml==5.4.1
     #   -c requirements/../../../packages/service-library/requirements/./_base.in
     #   -r requirements/../../../packages/service-library/requirements/_base.in
     #   uvicorn
-redis==4.4.0
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/../../../packages/service-library/requirements/_base.in
+redis==4.5.4
+    # via -r requirements/../../../packages/service-library/requirements/_base.in
 rfc3986==1.5.0
     # via httpx
 s3transfer==0.6.0

services/dynamic-sidecar/requirements/_base.txt

@@ -191,10 +191,8 @@ pyyaml==5.4.1
     #   -r requirements/../../../packages/service-library/requirements/_base.in
     #   -r requirements/_base.in
     #   docker-compose
-redis==4.4.0
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/_base.in
-    #   -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/_base.in
+redis==4.5.4
+    # via -r requirements/../../../packages/service-library/requirements/_base.in
 requests==2.27.1
     # via
     #   docker

services/invitations/requirements/_base.txt

@@ -116,10 +116,8 @@ pyyaml==5.4.1
     #   -c requirements/../../../packages/service-library/requirements/./_base.in
     #   -r requirements/../../../packages/service-library/requirements/_base.in
     #   uvicorn
-redis==4.4.1
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/../../../packages/service-library/requirements/_base.in
+redis==4.5.4
+    # via -r requirements/../../../packages/service-library/requirements/_base.in
 rfc3986==1.5.0
     # via httpx
 rich==12.6.0

services/storage/requirements/_base.txt

@@ -154,10 +154,8 @@ pyyaml==5.4.1
     #   -r requirements/../../../packages/service-library/requirements/_base.in
     #   aiohttp-swagger
     #   openapi-spec-validator
-redis==4.4.0
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/../../../packages/service-library/requirements/_base.in
+redis==4.5.4
+    # via -r requirements/../../../packages/service-library/requirements/_base.in
 s3transfer==0.5.2
     # via boto3
 semantic-version==2.9.0

tests/swarm-deploy/requirements/_test.txt

@@ -165,9 +165,7 @@ pyyaml==5.4.1
     #   -r requirements/../../../packages/service-library/requirements/_base.in
     #   -r requirements/_test.in
 redis==4.5.4
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/_base.in
-    #   -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/_base.in
+    # via -r requirements/../../../packages/service-library/requirements/_base.in
 requests==2.28.2
     # via
     #   -r requirements/../../../packages/postgres-database/requirements/_migration.txt