From b8a7e10c664db85a170dbe76a391bc3035044da8 Mon Sep 17 00:00:00 2001
From: Erik Jaegervall
Date: Fri, 10 Nov 2023 10:26:45 +0100
Subject: [PATCH] Fix dependency vulnerability
---
kuksa_apps/s3/requirements.in | 18 ++++++++++
kuksa_apps/s3/requirements.txt | 60 ++++++++++++++++++++++++++++++++--
2 files changed, 75 insertions(+), 3 deletions(-)
create mode 100644 kuksa_apps/s3/requirements.in
diff --git a/kuksa_apps/s3/requirements.in b/kuksa_apps/s3/requirements.in
new file mode 100644
index 000000000..c668a0086
--- /dev/null
+++ b/kuksa_apps/s3/requirements.in
@@ -0,0 +1,18 @@
+# For creating/distributing a binary, all dependencies should
+# be pinned to specific versions in order to provide for a reproducible
+# build.
+#
+# The 'pip-tools' package's 'pip-compile' command can be used for that
+# purpose. The following command will take the inputs from this file
+# and create a 'requirements.txt' file with pinned versions of all
+# dependencies:
+#
+# pip-compile --upgrade requirements.in
+#
+# If you depend on pre-releases (of e.g. kuksa-client) use
+#
+# pip-compile --pre --upgrade requirements.in
+
+kuksa-client
+boto3
+pyarrow
diff --git a/kuksa_apps/s3/requirements.txt b/kuksa_apps/s3/requirements.txt
index a8b567c6a..ab7de8654 100644
--- a/kuksa_apps/s3/requirements.txt
+++ b/kuksa_apps/s3/requirements.txt
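Review bot: The three entries at the end of kuksa_apps/s3/requirements.in (`kuksa-client`, `boto3`, `pyarrow`) carry no version floor, so the vulnerability fix exists only in the pins of the generated requirements.txt. Anyone installing from the .in file, or regenerating the pinned file against an older index or constraint set, can resolve back to an affected release. The commit message does not say which package was affected; judging by the jump from `pyarrow~=10.0.1` to `pyarrow==14.0.1` it is presumably pyarrow, in which case a floor such as `pyarrow>=14.0.1` here, with a comment naming the advisory, would record the fix at its source. The documented command could also pass `--generate-hashes` so the pinned file can be installed with `pip install --require-hashes`, which version pins alone do not provide.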
@@ -1,3 +1,57 @@
-kuksa-client
-boto3~=1.26.24
-pyarrow~=10.0.1
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+# pip-compile requirements.in
+#
+attrs==23.1.0
+ # via cmd2
+boto3==1.28.84
+ # via -r requirements.in
+botocore==1.31.84
+ # via
+ # boto3
+ # s3transfer
+cmd2==1.5.0
+ # via kuksa-client
+colorama==0.4.6
+ # via cmd2
+grpcio==1.59.2
+ # via grpcio-tools
+grpcio-tools==1.59.2
+ # via kuksa-client
+jmespath==1.0.1
+ # via
+ # boto3
+ # botocore
+jsonpath-ng==1.6.0
+ # via kuksa-client
+kuksa-client==0.4.1
+ # via -r requirements.in
+numpy==1.26.2
+ # via pyarrow
+ply==3.11
+ # via jsonpath-ng
+protobuf==4.25.0
+ # via grpcio-tools
+pyarrow==14.0.1
+ # via -r requirements.in
+pygments==2.16.1
+ # via kuksa-client
+pyperclip==1.8.2
+ # via cmd2
+python-dateutil==2.8.2
+ # via botocore
+s3transfer==0.7.0
+ # via boto3
+six==1.16.0
+ # via python-dateutil
+urllib3==2.0.7
+ # via botocore
+wcwidth==0.2.9
+ # via cmd2
+websockets==12.0
+ # via kuksa-client
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools