⬆️ Security update and tuning e2e (#5618)

ITISFoundation · Apr 8, 2024 · 3fa4101 · 3fa4101
1 parent 44f5d9c
commit 3fa4101
Show file tree

Hide file tree

Showing 25 changed files with 90 additions and 806 deletions.
diff --git a/packages/aws-library/requirements/_base.txt b/packages/aws-library/requirements/_base.txt
@@ -66,7 +66,7 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.10
+orjson==3.10.0
 pamqp==3.2.1
     # via aiormq
 pydantic==1.10.13

diff --git a/packages/dask-task-models-library/requirements/_base.txt b/packages/dask-task-models-library/requirements/_base.txt
@@ -43,7 +43,7 @@ mdurl==0.1.2
     # via markdown-it-py
 msgpack==1.0.7
     # via distributed
-orjson==3.9.10
+orjson==3.10.0
 packaging==23.2
     # via
     #   dask

diff --git a/packages/models-library/requirements/_base.txt b/packages/models-library/requirements/_base.txt
@@ -12,7 +12,7 @@ idna==3.4
 jsonschema==4.19.2
 jsonschema-specifications==2023.7.1
     # via jsonschema
-orjson==3.9.10
+orjson==3.10.0
 pydantic==1.10.13
 python-dateutil==2.8.2
     # via arrow

diff --git a/packages/notifications-library/requirements/_base.txt b/packages/notifications-library/requirements/_base.txt
@@ -38,7 +38,7 @@ mdurl==0.1.2
     # via markdown-it-py
 multidict==6.0.5
     # via yarl
-orjson==3.9.15
+orjson==3.10.0
 psycopg2-binary==2.9.9
     # via sqlalchemy
 pydantic==1.10.14

diff --git a/packages/service-integration/requirements/_base.txt b/packages/service-integration/requirements/_base.txt
@@ -31,7 +31,7 @@ markdown-it-py==3.0.0
     # via rich
 mdurl==0.1.2
     # via markdown-it-py
-orjson==3.9.10
+orjson==3.10.0
 packaging==23.2
     # via
     #   docker

diff --git a/packages/service-library/requirements/_base.txt b/packages/service-library/requirements/_base.txt
@@ -45,7 +45,7 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.10
+orjson==3.10.0
 pamqp==3.2.1
     # via aiormq
 pydantic==1.10.13

diff --git a/packages/simcore-sdk/requirements/_base.txt b/packages/simcore-sdk/requirements/_base.txt
@@ -57,7 +57,7 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.10
+orjson==3.10.0
 packaging==23.2
 pamqp==3.2.1
     # via aiormq

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
@@ -15,6 +15,7 @@ cryptography>=41.0.6                          # https://github.com/advisories/GH
 httpx>=0.23.0                                 # https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 / CVE-2021-41945
 jinja2>=2.11.3                                # https://github.com/advisories/GHSA-g3rq-g295-4j3m
 mako>=1.2.2                                   # https://github.com/advisories/GHSA-v973-fxgf-6xhp
+orjson>=3.9.15                                # https://github.com/advisories/GHSA-pwr2-4v36-6qpr
 paramiko>=2.10.1                              # https://github.com/advisories/GHSA-f8q4-jwww-x3wv
 py>=1.11.0                                    # https://github.com/advisories/GHSA-w596-4wvx-j9j6 / CVE-2022-42969
 pydantic>=1.8.2                               # https://github.com/advisories/GHSA-5jqp-qgf6-3pvh

diff --git a/services/agent/requirements/_base.txt b/services/agent/requirements/_base.txt
@@ -1,33 +1,13 @@
-#
-# This file is autogenerated by pip-compile with Python 3.10
-# by the following command:
-#
-#    pip-compile --output-file=requirements/_base.txt --strip-extras requirements/_base.in
-#
 aiodocker==0.21.0
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/_base.in
 aiohttp==3.8.5
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   aiodocker
+    # via aiodocker
 aiosignal==1.2.0
     # via aiohttp
 anyio==3.6.2
     # via
     #   httpx
     #   starlette
 arrow==1.2.3
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
 async-timeout==4.0.2
     # via aiohttp
 attrs==21.4.0
@@ -36,12 +16,6 @@ attrs==21.4.0
     #   jsonschema
 certifi==2023.11.17
     # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
     #   httpcore
     #   httpx
 charset-normalizer==2.1.1
@@ -55,16 +29,7 @@ dnspython==2.2.1
 email-validator==1.3.0
     # via pydantic
 fastapi==0.96.0
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   -r requirements/../../../packages/service-library/requirements/_fastapi.in
-    #   -r requirements/_base.in
-    #   prometheus-fastapi-instrumentator
+    # via prometheus-fastapi-instrumentator
 frozenlist==1.3.1
     # via
     #   aiohttp
@@ -76,24 +41,13 @@ h11==0.14.0
 httpcore==1.0.2
     # via httpx
 httpx==0.26.0
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   -r requirements/../../../packages/service-library/requirements/_fastapi.in
 idna==3.4
     # via
     #   anyio
     #   email-validator
     #   httpx
     #   yarl
 jsonschema==3.2.0
-    # via
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
 markdown-it-py==3.0.0
     # via rich
 mdurl==0.1.2
@@ -102,43 +56,23 @@ multidict==6.0.2
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.7
-    # via
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
+orjson==3.10.0
 packaging==23.1
-    # via -r requirements/_base.in
 prometheus-client==0.19.0
     # via prometheus-fastapi-instrumentator
 prometheus-fastapi-instrumentator==6.1.0
-    # via -r requirements/../../../packages/service-library/requirements/_fastapi.in
 pydantic==1.10.2
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/_base.in
-    #   fastapi
+    # via fastapi
 pygments==2.15.1
     # via rich
 pyrsistent==0.19.2
     # via jsonschema
 python-dateutil==2.8.2
     # via arrow
 python-dotenv==1.0.0
-    # via -r requirements/_base.in
 rich==13.4.2
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/../../../packages/settings-library/requirements/_base.in
+setuptools==69.2.0
+    # via jsonschema
 six==1.16.0
     # via
     #   jsonschema
@@ -148,28 +82,12 @@ sniffio==1.3.0
     #   anyio
     #   httpx
 starlette==0.27.0
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   fastapi
+    # via fastapi
 typer==0.6.1
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/../../../packages/settings-library/requirements/_base.in
 typing-extensions==4.4.0
     # via
     #   aiodocker
     #   pydantic
 uvicorn==0.19.0
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/_fastapi.in
-    #   -r requirements/_base.in
 yarl==1.9.2
     # via aiohttp
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools
diff --git a/services/autoscaling/requirements/_base.txt b/services/autoscaling/requirements/_base.txt
@@ -111,7 +111,7 @@ multidict==6.0.5
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.15
+orjson==3.10.0
 packaging==23.1
     # via
     #   dask

diff --git a/services/autoscaling/requirements/_tools.txt b/services/autoscaling/requirements/_tools.txt
@@ -1,21 +1,19 @@
-aiohttp==3.8.6
+aiohttp==3.9.3
     # via black
 aiosignal==1.3.1
     # via aiohttp
 astroid==3.0.2
     # via pylint
 async-timeout==4.0.3
     # via aiohttp
-attrs==23.1.0
+attrs==23.2.0
     # via aiohttp
 black==23.12.0
 build==1.0.3
     # via pip-tools
 bump2version==1.0.1
 cfgv==3.4.0
     # via pre-commit
-charset-normalizer==3.3.2
-    # via aiohttp
 click==8.1.7
     # via
     #   black
@@ -26,19 +24,19 @@ distlib==0.3.8
     # via virtualenv
 filelock==3.13.1
     # via virtualenv
-frozenlist==1.4.0
+frozenlist==1.4.1
     # via
     #   aiohttp
     #   aiosignal
 identify==2.5.33
     # via pre-commit
-idna==3.4
+idna==3.6
     # via yarl
 isort==5.13.2
     # via pylint
 mccabe==0.7.0
     # via pylint
-multidict==6.0.4
+multidict==6.0.5
     # via
     #   aiohttp
     #   yarl
@@ -82,7 +80,7 @@ tomli==2.0.1
     #   pyproject-hooks
 tomlkit==0.12.3
     # via pylint
-typing-extensions==4.8.0
+typing-extensions==4.10.0
     # via
     #   astroid
     #   black
@@ -91,5 +89,5 @@ virtualenv==20.25.0
 watchdog==3.0.0
 wheel==0.42.0
     # via pip-tools
-yarl==1.9.2
+yarl==1.9.4
     # via aiohttp
diff --git a/services/catalog/requirements/_base.txt b/services/catalog/requirements/_base.txt
@@ -91,7 +91,7 @@ multidict==6.0.5
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.15
+orjson==3.10.0
     # via fastapi
 packaging==24.0
 pamqp==3.3.0

diff --git a/services/clusters-keeper/requirements/_base.txt b/services/clusters-keeper/requirements/_base.txt
@@ -111,7 +111,7 @@ multidict==6.0.5
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.15
+orjson==3.10.0
 packaging==23.1
     # via
     #   dask